The CyberWire Daily Briefing 6.20.18

Summary

By The CyberWire Staff

Symantec reported late yesterday its discovery of an extensive Chinese cyberespionage campaign targeting US satellite operators, telecommunications companies, and defense contractors. The campaign's goal is interception of military and civilian communications. Symantec has notified the appropriate US authorities.

According to Bitdefender, the Zacinlo rootkit is out in renewed form, this time concealed within a malicious VPN product, S5Mark. It affects Windows 10 machines.

Developers failure to secure Google Firebase apps has resulted in more than three-thousand leaky apps. Appthority says more than one-hundred-million records have been exposed by inattentive development.

In another instance of black markets behaving like legitimate markets, the proprietor of the Kardon Loader (nom-de-hack "Yattaze") is soliciting beta-testing for their malware. Researchers at Arbor’s Security Engineering & Response Team (ASERT) say Kardon Loader allows users to build their own botshop, with potential for resale on the criminal-to-criminal market.

Cryptocurrencies fell today on news that another South Korean exchange, Bithumb, was looted of about $31 million.

Akamai notes declarations of #Opicarus2018 emerging from the hive-mind of Anonymous. The calls to action project attacks on financial institution between the 21st and 28th of June. The op includes or subsumes several others: #OpPayBack, #OpIcarus, #DeleteTheElite, and #SosNicaragua. Anonymous ops have tended to fizzle badly over the last several years, but the declared targets would do well be on heightened alert over the next week or so.

The European Parliament passed a new copyright regulation out of committee. Critics say it will turn the Internet into a surveillance and control tool.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Canada, China, European Union, India, Iran, Japan, Democratic Peoples Republic of Korea, Republic of Korea, Netherlands, Philippines, Russia, South Africa, United Kingdom, United States

How sharp is your incident response to cyber threats? Learn more in LookingGlass’ webinar!

Enabling your team with high-quality threat intelligence is imperative to stopping cyber attacks BEFORE they breach your network. But what distinguishes high-quality, actionable threat intelligence from low-quality "noise"? How are cutting edge CISOs and IT security teams applying threat intelligence to incident response? Find out in LookingGlass’ webinar with Security Ledger. Tuesday, June 26 @ 2pm ET. Sign up now!

On the Podcast

In today's podcast we hear from our partners at the University of Bristol, as Professor Awais Rashid explains why real-world experimentation is vital to cyber security. Our guest is Dr. Chris Pierson from Binary Sun Cyber Risk Advisors, who offers some perspective on reports of sabotage at Tesla Motors.

Sponsored Events

The Cyber Security Summit: DC Metro on June 28 and Seattle on July 19 (Washington, DC, United States, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95 VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

China-based campaign breached satellite, defense companies: Symantec (Reuters) A sophisticated hacking campaign launched from computers in China burrowed deeply into satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia, security researchers at Symantec Corp said on Tuesday.

Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies (Symantec Threat Intelligence Blog) Symantec’s artificial intelligence-based Targeted Attack Analytics uncovers new wide-ranging espionage operation.

APT15 Pokes Its Head Out With Upgraded MirageFox RAT (Threatpost) This is the first evidence of the China-linked threat actor's activity since hacked the U.K. government and military in 2017 (which wasn't made public until 2018).

How North Korea's hackers have changed (Cyberscoop) Priscilla Moriuchi, director of strategic threat development for ‎Recorded Future speaks on how North Korea has changed their hacking techniques.

The Theft and Reuse of Advanced Offensive Cyber Weapons Pose A Growing Threat (Council on Foreign Relations) Almost exactly a year ago, North Korea and Russia reused a vulnerability stolen from the U.S. government to conduct the WannaCry and NotPetya ransomware attacks. Is the theft and reuse of vulnerabilities likely to be the norm?

Anomymous #OPICARUS2018 (Akamai) Operation #OpIcarus2018 has been announced and it encompasses several on-going campaigns, including #OpPayBack, #OpIcarus, #DeleteTheElite, and #SosNicaragua.

Cryptocurrencies Fall as Korean Exchange Says $32 Million of Coins Stolen (Bloomberg.com) Cryptocurrencies dropped after the second South Korean exchange in as many weeks said it was hacked, renewing concerns about the safety of digital-asset trading venues.

Kardon Loader Looks for Beta Testers (Arbor Networks Threat Intelligence) Key Findings ASERT researchers discovered Kardon Loader being advertised on underground forums. Kardon Loader features functionality allowing customers to open their own botshop, which grants the purchaser the ability to rebuild the bot and sell access to others. Kardon Loader is in early stages of development,

Phishers Use 'ZeroFont' Technique to Bypass Office 365 Protections (SecurityWeek) Cybercriminals use a technique dubbed by researchers ZeroFont to bypass Office 365 phishing protections

3,000+ mobile apps leaking data from unsecured Firebase databases (Help Net Security) Appthority found over 3,000 mobile apps leaking sensitive personal and business data from 2,300 unsecured Firebase databases.

Appthority Discovers Thousands of Apps with Firebase Vulnerability Exposing Sensitive Data (Appthority) Appthority has discovered a significant mobile data vulnerability related to Google Firebase which has resulted in the exposure of a wide range and large amounts of sensitive data through thousands of mobile apps. The exposure is not due to malicious code, but simply to developer carelessness with securing mobile app data stores. Get the Full …

Beware this Android emulator, it's hijacking your GPU to mine cryptocurrency (TechRepublic) Users have accused Andy OS Android Emulator of secretly dropping a cryptocurrency miner on your system that runs endlessly.

Rootkit-Based Adware Wreaks Havoc Among Windows 10 Users in the US (BleepingComputer) Security researchers from Romania-based antivirus vendor Bitdefender have detailed the operations of an adware strain named Zacinlo that uses a rootkit component to gain persistence across OS reinstalls, a rootkit component that's even effective against Windows 10 installations.

S5Mark is a 'VPN' that is actually a rootkit in disguise, BitDefender says (PCWorld) A new rootkit, Zacinlo, that attacks United States users of Windows 10 has re-surfaced. It's hidden inside a "VPN" that promises to secure your PC.

Mylobot Malware Brings New Sophistication to Botnets (Dark Reading) The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.

Stop downloading fake malicious Fortnite Android apps (HackRead) Fortnite players watch out; cybercriminals are scamming users with fake malicious Fortnite apps - Its Android version is yet to be released.

FakeSpy Android Information-Stealing Malware Targets Japanese and Korean-Speaking Users (TrendLabs Security Intelligence Blog) We observed a campaign that uses SMS as an entry point to deliver FakeSpy, which can steal text messages, account information, contacts, and call records.

Millions of Streaming Devices Are Vulnerable to a Retro Web Attack (WIRED) Using a technique called DNS rebinding, one amateur hacker found vulnerabilities in devices from Google, Roku, Sonos, and more.

ATM Hacking: You Don't Have to Pay to Play (LookingGlass Cyber Solutions Inc.) US Banks are getting Skin in the Game How many times have you used an Automated Teller Machine (ATM) in your life? Probably too many times to count, and, June 19, 2018

Flaw in Google Home and Chromecast devices reveals user location (HackRead) Google Home and Chromecast devices are leaking location data of their users - If you are a Google Home and Chromecast users watch out.

Secure Phishing: Netflix Phishing Goes TLS (SANS Internet Storm Center) A global cooperative cyber threat / internet security monitor and alert system. Featuring daily handler diaries with summarizing and analyzing new threats to networks and internet security events.Phishing for Netflix accounts isn't new. But recently, I see a large number of phishing e-mails for Netflix that lead to sites with valid TLS certificates.

Elon Musk Sends Company-Wide Email About Tesla Saboteur and ‘Outside Forces’ (Motherboard) The Tesla CEO told employees that someone within the company has been committing corporate espionage.

Employee negligence still poses major security concerns (Help Net Security) With most working adults in the U.S. admitting to potentially risky behavior at work, employee negligence poses major security concerns for U.S. businesses.

This Programmer Scraped LinkedIn to Find People Who Work at ICE (Motherboard) This isn't the first time that public information sources have been scraped to shed light on government employees.

Most Websites and Web Apps No Match for Attack Barrage (Dark Reading) The average website is attacked 50 times per day, with small businesses especially vulnerable.

Eleven-hour Microsoft Azure outage hits Northern Europe region (Computing) North Europe Azure outage blamed on datacentre temperature issue - but customers are still complaining this morning

Ericsson apologises for Telstra Wholesale outage (CRN Australia) ALDI, Woolworths Mobile customers affected.

Data breach at CarePartners (North Bay Nugget) One of the province's most well-known home care service providers has become victim of a cyber-attack.

Security Patches, Mitigations, and Software Updates

Vendor Patches Seven Vulnerabilities Across 392 Camera Models (BleepingComputer) Axis Communications AB, a Swedish manufacturer of network cameras for physical security and video surveillance, has patched seven security flaws across nearly 400 security camera models.

Microsoft adds resiliency, redundancy, security to Windows Server 2019 (Network World) Windows Server 2019 upgrades enable greater scalability and more reliable recovery from outages for Shielded Virtual Machines.

Cyber Trends

Execs don't believe their companies learn the right lessons in cybersecurity (Help Net Security) A majority of executives around the world feel their organizations can do better when it comes to learning from their past cyber mistakes.

Inferring Internet security posture by country through port scanning (Help Net Security) The National Exposure Index aims to better understand global Internet security posture and how exposure levels look around the globe.

EU's data rules may push improvements in PH cybersecurity (Rappler) Any business that will involve EU citizens must comply with the EU's General Data Protection Regulation, spurring Philippine companies to improve practices, says Trend Micro

Marketplace

AT&T, Sprint, Verizon to Stop Sharing Customer Location Data With Third Parties (KrebsOnSecurity) In the wake of a scandal involving third-party companies leaking or selling precise, real-time location data on virtually all Americans who own a mobile phone, AT&T, Sprint and Verizon now say they are terminating location data sharing agreements with third parties.

Verizon Says It Will Stop Selling US Phone Data That Ended Up in Hands of Cops (Motherboard) Verizon and other telcos have been selling phone location data to companies catering to marketers and low level law enforcement. Now, Verizon says it is cutting ties with certain firms that abused that data access.

Huawei calls Australian security fears ‘ill-informed and not based on facts’ (Lightwave) Facing the prospect of being banned from bidding on Australia’s national 5G mobile services roll out, the senior leadership of Huawei Australia issued an open letter to members of the country’s Parliament stating that suggestions the company is an agent of the Chinese Government, and therefore a national security threat, are “ill-informed and not based on facts.”

Kaspersky freezes all European projects in protest over EU ban (CRN Australia) Eugene Kaspersky warns EU's decision "plays into the hands of criminals".

Researchers claim Chrome bug bounty paid to the wrong people (Naked Security) Yubico has been drawn into a rare public spat over how the discovery of a security flaw affecting it products was credited.

Cylance Announces $120 Million Funding Round (TheCourierExpress.com) Cylance Inc., the company that revolutionized endpoint security by delivering AI-powered threat prevention, today announced that it has closed a $120 million funding round led by

CrowdStrike Announces $200 Million Series E Financing Round (BusinessWire) CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced that the company has executed a financing round of over $200 mil

Pondering an IPO, cyber security company CrowdStrike raises $200 million at over $3 billion valuation (TechCrunch) CrowdStrike, the developer of a security technology that looks at changes in user behavior on networked devices and uses that information to identify potential cyber threats, has reached a $3 billion valuation on the back of a new $200 million round of funding. The company’s hosted endpoint s…

How Crowdstrike's $3bn valuation stacks up against its peers (CRN) The endpoint protection vendor has joined the cyberscurity big league following a $200m funding round - but how does its fresh $3bn valuation compare with next-gen and legacy rivals?

Zilliqa Accelerates Development with a $5M Developer Grant Program (BusinessWire) Zilliqa, one of the leading companies solving the issue of blockchain scalability, has announced the details of a $5 million grant program for teams a

Columbia innovation center will work with Cyber Command on new technology (Technical.ly Baltimore) The Maryland Innovation and Security Institute is partnering with U.S. Cyber Command on DreamPort.

A Merger That Would Have Made Crypto Investing Easier Fails (WIRED) The deal would have united a a risk-averse financial trust in Kentucky with a venture-backed startup in Silicon Valley.

Telstra to axe at least 8000 jobs, reorganise management in major overhaul (CRN Australia) Cutting levels of management and spinning off infrastructure business.

Products, Services, and Solutions

Duo Security Brings Zero-Trust Protection to Modern Workforce with Sophos Mobile Integration (Duo Security) Duo Security, a leading provider of zero-trust security with Duo Beyond, today introduced an integration with Sophos Mobile that helps organizations confidently support their growing mobile workforce while ensuring strong mobile security, regardless of whether their end-user devices are personal or corporate-issued.

Palo Alto Networks extends Cyber Range reach through first APAC facility (Security Brief) The Sydney Cyber Range is now the company’s first Asia Pacific Cyber Range facility, and the fourth permanent facility worldwide.

Windmill Announces Rivetz Partnership (PR Newswire) Leading information technology company Windmill...

Pulse Secure Extends Secure Access Capabilities for Microsoft AzureEnables hybrid IT deployment flexibility, scale, resiliency and cost-effective operation | Markets Insider (Business Insider) Pulse Secure, the leading provider of Secure Access solutions to both enterprises and service provider...

Bomgar Enhances Privileged Access Management IGA Integrations and Application Access (BusinessWire) Bomgar, a leader in secure access solutions, today announced the release of Bomgar Privileged Access 18.2. With enhanced integrations with IGA solutio

VirusTotal Monitor: Software That Can’t Run Can’t Eat (Medium) “Software is Eating the World” - Marc Andreessen, 2011

Gigamon’s inline bypass threat prevention helps to secure the network (Intelligent CIO Middle East) Modern enterprises rely on high-speed networks to increase productivity, find innovative solutions and enhance collaboration. However, these increased network data rates and resulting network upgrades can have major consequences for security administrators – especially those who rely on best-of-breed inline threat prevention tools. Gigamon, the company leading the convergence of security and network operations, is

Gemalto Shines at Homeland Security 2018 Biometric Rally (Business Post Nigeria) It was a good outing for Gemalto as its Facial Recognition Solution.

Scan QR Codes Safely with the Trend Micro QR Scanner (CSO) Using your camera and a QR code scanner on your mobile device, it’s easy to scan a code to download an app or go to a website—a bit too easy, ...

Keepsafe launches a privacy-focused mobile browser (TechCrunch) Keepsafe, the company behind the private photo app of the same name, is expanding its product lineup today with the release of a mobile web browser. Co-founder and CEO Zouhair Belkoura argued that all of Keepsafe’s products (which also include a VPN app and a private phone number generator) a…

Nvidia announces availability of Kubernetes on its GPUs (Computing) TensorRT and TensorFlow Integration tools are now also available

Technologies, Techniques, and Standards

Kubernetes is a seachange technology - IT leaders should be at the helm (Computing) Kubernetes is now the de facto standard for deploying cloud applications

Kubernetes skills demand continues to soar – but are organisations dropping the ball on security? (Cloud Tech News) If you have Kubernetes skills then you will almost certainly be in demand from employers. But beware the security risks when getting involved.

This Independent Cybersecurity Product Review Doubles as an outline for how to start threat hunting with existing tools and skills (Bricata) This review serves as more than a demonstration of product capabilities – it also provides an outline for how a security operations center (SOC) can begin hunting threats with a tool the staff already know and use. #ids #ips #threathunting

Design and Innovation

How The NSA Can Use Blockchain To "Connect The Dots" Securely—With Smart Contracts (National Interest) Mass security breaches like the 2013 Snowden data dump could be prevented by putting classified documents on the blockchain.

Cryptography is the Bombe: Britain's Enigma-cracker on display in new home (Register) Replica war-winner now in Bletchley Park's historic Block H

Research and Development

Man 1, machine 1: landmark debate between AI and humans ends in draw (the Guardian) IBM shows off Project Debater, artificial intelligence project designed to make coherent arguments as it processes vast data sets

IBM shows off an artificial intelligence that can debate a human – and do pretty well (USA TODAY) The San Francisco event was the first time anyone outside of IBM was able to witness a live debate between a human and its artificial intelligence system.

SafeBreach Announces Issuance of Breach and Attack Simulation Patents After $15 Million Round of Investor Funding (IPWatchdog) SafeBreach recently announced the issuance of three U.S. patents in the field of breach and attack simulation. This news follows weeks after SafeBreach closed a $15 million series B round of funding involving backing from major payment solutions firm PayPal.

Academia

UGA is cyber ready to help state fight hacker attacks (UGA Today) Cybercrime takes one of our society’s great strengths—the Internet—and exploits its weaknesses. The threat seems inescapable, no matter where you are. In 2017, a cyberattack forced the cancellation of thousands of medical operations and appointments at hospitals in the United Kingdom, a blackout in Ukraine was traced to malicious software, and Uber disclosed that hackers …

ECU claims double win at WA Information Technology and Telecommunications Alliance Incite Awards (Community News Group) A maths app and cyber safety program for children added up to a double win for ECU in WA's technology awards

Legislation, Policy and Regulation

The Unexpected Fallout of Iran's Telegram Ban (WIRED) In Iran, secure messaging app Telegram effectively is the internet. The government blocked it at the end of April.

EU votes for copyright law that would make internet a 'tool for control' (the Guardian) MEPs defy warnings from internet pioneers, civil liberties groups and commercial interests

Europe takes another step towards copyright pre-filters for user generated content (TechCrunch) In a key vote this morning the European Parliament’s legal affairs committee has backed the two most controversial elements of a digital copyright reform package — which critics warn could have a chilling effect on Internet norms like memes and also damage freedom of expression online. …

EU copyright reforms draw fire from internet luminaries as key vote... (Reuters) Europe's attempts to force Google, Microsoft and other tech giants to share revenues with publishers and bear liability for internet content have triggered criticism from internet pioneers ahead of a key vote on Wednesday.

The End of All That's Good and Pure About the Internet (Gizmodo) We regret to inform you that the internet is on red alert once again. On Wednesday, the EU’s Legislative Committee voted to adopt sweeping measures that will upend the web in every way that we know it. Memes, news, Wikipedia, art, privacy, and the creative side of fandom are all at risk of being destroyed or kneecapped.

Bipartisan Senate Vote to Punish ZTE Heightens Pressure on Trump (Bloomberg.com) The U.S. Senate passed legislation on Monday evening that would restore penalties on the Chinese telecom giant ZTE Corp., complicating President Donald Trump’s efforts to ease sanctions on the company.

Are Trump and Republicans headed for a cybersecurity showdown? (Fifth Domain) A meeting between President Donald Trump and top GOP senators over the risks and regulation of Chinese telecom ZTE could indicate the administration's cyber strategy.

Senators demand creation of tech cybersecurity council (Fifth Domain) Security concerns surrounding companies like Russia-based Kaspersky and China-based ZTE have motivated members of the Senate to call for a council to evaluate supply chain vulnerabilities.

Private sector warms to Cyber Command hacking back (Cyberscoop) The U.S. government should decide how to retaliate against the worst attacks on the country’s private sector.

U.S. Cyber Command is best suited to hack back, experts say (Fedscoop) It’s probably not the best idea to allow private companies to retaliate against hackers — that’s a job best suited for the U.S. government, a panel of cybersecurity experts argued this week. The three individuals, with experience in the private sector, intelligence community and military, said at a panel organized by APCO that if companies feel compelled to …

The Argument for a Cyber Response Playbook (The Cipher Brief) The Trump administration has a dozen top cybersecurity priorities ranging from a new national cyber strategy to dealing with increasingly bold nation-state adversaries. One priority – that should be near the top of the stack – may not be obvious, but it is critical: a determined study of the responses to past incidents and …

Analysis | The Cybersecurity 202: 'A wake up call.' OPM data stolen years ago surfacing now in financial fraud case (Washington Post) Lawmakers want to protect the victims.

Fleet Cyber Command has a new leader (Fifth Domain) Vice Adm. Timothy White took command of Fleet Cyber Command.

Litigation, Investigation, and Enforcement

WikiLeaks Shares Alleged Diaries of Accused CIA Leaker Joshua Schulte (Motherboard) The secret-spilling organization posted a series of first-person missives allegedly written by Joshua Schulte. The undated letters chronicle Schulte’s arrest and time in jail.

China increases its surveillance state (CSO Online) China plans to add bio-recognition technology to subways and to install RFID chips in vehicle windshields.

Why regulator wants answers from South African insurer Liberty following cyber attack (CNBC Africa) Insurer Liberty Holdings faced questions from South Africa’s Information Regulator on Monday, a day after the company said it had become the victim of a cyber attack. The regulator said it was concerned about the data breach and wanted to meet the insurer to get more details. Liberty’s shares fell 5 percent …

Microsoft's Ethical Reckoning Is Here (WIRED) Revelation of contract with US immigration agency sparks criticism amid family separations

Is shadow IT opening you up to GDPR risk? (Computing) Storing data on a personal database doesn't make the company any less liable

Language Matters When It Comes to a Data Breach (Security Boulevard) While the term "data breach" has been used as a catch-all phrase, not all cyberincidents result in a compromise of data.

Misguided “Bitcoin Baron” Hacker Gets 20-Months (Infosecurity Magazine) Arizona man sent down for DDoS attacks

16 arrested for hacking Internet cafes to mine cryptocurrency (HackRead) The group of hackers mined Siacoin cryptocurrency from hacked computer systems at hundreds of Internet cafes in the country.

How a Nigerian Prince scam victim got his money back after 10 years (Naked Security) The Nigerian prince never showed up but the victim’s $110,000 did, eventually.

Email Mistake Costs Chicago School Employee a Job (Infosecurity Magazine) A Chicago Public Schools employee accidentally sent an email containing student and family data.

Inside the Crypto World's Biggest Scandal (WIRED) One couple thought they held the secret to building a new decentralized utopia. On the way, they plunged into a new kind of hell. A crypto-tragedy in three acts.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 18 - 20, 2018) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the second annual Cyber Security Summit in June 2018. The summit, presented in a continuing education format, welcomes Norwich alumni and others interested in exploring and discussing the latest in cyber security policy from both the federal level and the practical application of that policy on a local or business level.

Insider Threat Program Management With Legal Guidance Training Course (Tyson's Corner, Virginia, USA, June 19 - 20, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

GovSummit (Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information sharing and education on security topics affecting federal, state and even local agencies.

The Cyber Security Summit: DC Metro (Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

Impact Optimize2018 (Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity. All of the information presented will be designed to facilitate growth and eliminate risk for organizations of all sizes and across all vertical markets, with security as the firm foundation of every solution. The event will include presentations by subject matter experts, breakout sessions among business leaders and live demonstrations of enterprise security and business software.

Nuclear Asset Information Monitoring and Maintenance (Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s strategic ability to leverage the appropriate people, processes and technology to achieve organisational goals through an enterprise wide integrated asset information strategy.

Cyber Security Summit 2018 (Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together with technology providers & distinguished information security experts. Learn from acclaimed security professionals on how to protect your business from cyber attacks during interactive Panels & Keynote presentations. Convene with fellow influential business leaders, C-Suite executives, investors & entrepreneurs over 3 days of sailing, sessions, and networking opportunities.

The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Health Cybersecurity Summit 2018 (Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency management agencies. Join executives, security professionals and elected officials for the Silicon Valley Leadership Group's Health Cybersecurity Summit on Friday, July 20, at Citrix Headquarters in Silicon Valley. Engage in a real-time cyber threat and response simulation, hone your digital defense skills, and learn about the unique security concerns faced by the healthcare industry and related infrastructure providers.

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims to provide a creative and productive platform for professionals in the field of cyber security.

SINET61 2018 (Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to Cybersecurity challenges.

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, community college students interested in learning about security or expanding their current knowledge, and students attending the 3CS Pre-Summit Job Fair and National Cyber League (NCL) on Thursday, August 2nd.

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological Education Connections (BATEC), which are all funded by the National Science Foundation (NSF). The outcomes of 3CS leverage community college cybersecurity programs across the nation by introducing the latest technologies, best practices, curricula, products, and more.

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included, among others, the CEO of GM Mary Barra and the U.S. Secretary of Transportation Anthony Foxx, resulting in media coverage from The New York Times and The Wall Street Journal and attracting 500 attendees. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event.

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days of technical Trainings (August 4 – 7) followed by the two-day main conference (August 8 – 9) featuring Briefings, Arsenal, Business Hall, and more.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.