The CyberWire Daily Briefing 6.25.18

Summary

By The CyberWire Staff

An increase in cyber operations directed against Taiwan is observed as China's policy toward what it regards as a breakaway province hardens.

AlienVault examines malicious documents used by North Korea's Lazarus Group against South Korean targets.

Scammers are demanding protection money in advance, threatening prospective victims with a WannaCry infection and loss of data if the victims don't pay up. Anyone receiving this threatening email should ignore it. The senders have no ransomware; it's a pure scam.

GDPR implementation has inspired a wave of data extortion scams. The TAD GROUP warns that one such crime wave is hitting companies in Bulgaria. The extortionists threaten, not encryption, but rather public release of personal data. The risk is exposure to potentially very heavy GDPR penalties.

Business email compromise attacks appear to be rising. So too are ransomware attacks, especially against US municipal governments. These enterprises are often poorly secured, and the lasting damage done to the City of Atlanta has put the fear of hackers into them.

Police in Ukraine have arrested four young men on charges of running a fraudulent cryptocurrency exchange. Cryptocurrency mining and other forms of fraud exact a toll on alt-coin values.

The extent to which the US is offering ZTE any sort of lifeline seems likely to be much attenuated. Congress is on the warpath, agencies are quietly advising companies to stop doing business with ZTE and Huawei, and the Administration is working on a broad range of trade sanctions against Chinese tech firms and investment generally.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Canada, China, India, Israel, Democratic Peoples Republic of Korea, Republic of Korea, Russia,Taiwan, Ukraine, United Kingdom, and United States.

Learn four incident response lessons from high-profile breaches.

Most enterprises know that they are constantly under attack but haven’t fully embraced some lessons to be learned from real-world, high-profile security incidents. Watch this free webinar, presented by experts from Coalfire and Arete Advisors, to learn four practical lessons that will help you avoid damaging losses and minimize negative impacts of cybersecurity incidents.

On the Podcast

In today's podcast we hear from our partners at the SANS Institute as Johannes Ullrich (who's also behind the SANS StormCast podcast) discusses evasive cryptocoin miners.

Sponsored Events

The Cyber Security Summit: DC Metro on June 28 and Seattle on July 19 (Washington, DC, United States, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95 VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, United States, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Taiwan hit by jump in cyber attacks from China (Financial Times) Rise in hacking attempts part of Beijing’s hardening approach to Taipei, experts say.

Malicious Documents from Lazarus Group Targeting South Korea (AllienVault) We took a brief look at some documents recently discussed and reviewed by researchers in South Korea over the past week. The malware is linked to Lazarus, a reportedly North Korean group of attackers. One malicious document appears to be targeting members of a recent G20 Financial Meeting, seeking coordination of the economic policies between the wealthiest countries. Another is reportedly related to the recent theft of $30 million from the

Fake news a ‘nuisance’ for Israel, not a dire threat, says country’s cyber chief (Times of Israel) While Americans sound the alarm over covert social media manipulation, Israeli expert says no sign of Russian efforts to impact politics here

“WannaCrypt” ransomware scam demands payment in advance! (Naked Security) To avoid the need for actual ransomware, just insist on payment up front…

Hundreds Report WannaCry Phishing Campaign (Infosecurity Magazine) Action Fraud warns UK users not to fall for scam

Ransomhack; a new attack blackmailing business owners using GDPR (HackRead) Hackers are threatening firms to leak stolen user data online to hurt them through GDPR regulations - In return they are demanding ransom.

Losses due to BEC scams are escalating (Help Net Security) Despite falling down on the list of most often reported Internet-facilitated crimes, BEC/EAC is still the type of crime that results in the biggest losses.

This Windows malware turns your PC into a hacker’s punching bag (TechRadar) Mylobot malware is a nasty critter

Windows malware sleeps for days then deploys additional payloads (Backend News) Security firm Deep Instinct recently uncovered a new malware that uses a more deceptive approach and then converts PCs to practically the hackers’ botnet. Mylobot …

Downloading 3rd Party OpenVPN Configs May Be Dangerous. Here’s Why. (BleepingComputer) Call me a cynic, but one thing I have learned from the using the Internet is to double-check, if not triple-check, everything you download. So many downloads have malware, adware, and scripts that perform malicious activities on your computer that it has to be a requirement to thoroughly check a download before it's used.

Microsoft Edge bug allows attackers to read emails and Facebook feed (2Spyware) Microsoft Edge is on fire - a new security feature bypass vulnerability detected. CVE-2018-8235 — the latest Microsoft Edge vulnerability detected by an independent security researcher

If you can’t steal them, mine them - Cryptocurrency threat roundup (Proofpoint) Proofpoint researchers detail the current state of cryptocurrencies in cybercrime.

Cryptojacking - The Parasitical Crime (Infosecurity Magazine) Cryptojacking doesn’t destroy data. Instead, it chews up computing resources. Have criminals have finally found a largely victimless crime?

Switch-hacking trolls reportedly loading p[...]nographic profile pictures (Ars Technica) Leaked "DevMenu" tools get around Nintendo's usual online restrictions.

Red Alert Android Trojan for Rent at $500 Per Month (SecurityWeek) The Red Alert 2.0 Android Trojan first detailed in September last year is currently available for rent on underground forums at $500 per month, Trustwave reports.

Roku TV, Sonos Speaker Devices Open to Takeover (Threatpost) The Roku streaming video device and the Sonos Wi-Fi speakers suffer from the same DNS rebinding flaw reported in Google Home and Chromecast devices earlier this week.

Someone Is Taking Over Insecure Cameras and Spying on Device Owners (BleepingComputer) Many brands of webcams, security cameras, pet and baby monitors, use a woefully insecure cloud-based remote control system that can allow hackers to take over devices by performing Internet scans, modifying the device ID parameter, and using a default password to gain control over the user's equipment and its video stream.

Researchers Warn of Hackable Baby Monitor (Infosecurity Magazine) SEC Consult confirms mother’s suspicion she was spied on

Holy Potatoes! Popular games remove “spyware” after gamers revolt (Naked Security) Whether what Red Shell does is an invasion of privacy or a harmless tool seems to depend on whether you’re a developer or a gamer.

iPhone pwned? Researcher says he can unlock iOS without running out of tries (Naked Security) A security researcher says he’s found a way to guess iPhone lock codes without getting blocked after 10 mistakes.

Bitcoin sites play down security threats despite Korea attack (Stuff) British MPs assured that bitcoin and other cryptocurrencies are still relatively safe.

Cryptocurrencies are ripe for plunder claims cyber security expert (IBS Intelligence) Security experts are predicting that cryptocurrencies could soon deteriorate into curruptocurrencies, thanks to the lack of standards, compliance and security disciplines.

Don’t download it! Fake Fortnite app ends in malware… (Naked Security) Epic Games is on the verge of releasing Fortnite for Android – so the crooks are jumping in to offer you “early access”… to malware!

Flight tracking service Flightradar24 hacked; 230,000 accounts affected (HackRead) One of the largest flight tracking services, Flightradar24, which shows real-time airplane locations on the map has been hacked.

Most PDQ locations victim of cyber-attack, customer credit card info, names may have been stolen (WFLA) Restaurant chain PDQ announced they were the target of a cyber-attack.

Ransom Demands and Frozen Computers: Hackers Hit Towns Across the U.S. (Wall Street Journal) Hackers are targeting small towns’ computer systems, with public-sector attacks appearing to be rising faster than those in the private sector. Online extortionists demand bitcoin ransom in return for decryption keys.

Med Associates Suffer Data Breach: 270,000 Records Left Exposed (Latest Hacking News) Cyber attacks on the health care sector have continued into this week too. The latest attack resulted in the compromise

London council asks residents to send full card details over email (Inquirer) There aren't enough palms in North London for this face plant

Tesla Sabotage Highlights Danger of Insider Threat (Security Boulevard) Electric car manufacturer Tesla is facing a nightmare insider attack scenario for which too many companies today fail to prepare.

Security Patches, Mitigations, and Software Updates

When an App is Released into the App Store, Its Security Will Be Wildly and Fiercely Tested....Instantly. Are You Prepared? (SC Media US) Most of the apps published in a public app store are at the mercy of the users who download them. Unfortunately, not everyone who downloads your app has

Cyber Trends

Has your security evolved to counter Ocean's Eleven of threat scenarios? (Help Net Security) In assessing how the cyber threat and mitigation landscape has evolved over time, I often think of the ways that “cops and robbers” movies have changed.

Time to think of cybersecurity as a customer service issue (Washington Technology) Cybersecurity professionals need to think of cybersecurity as a customer services issue but making that shift can be a challenge.

Marketplace

Herjavec: Cybersecurity investment now a priority for CEOs, boards (SearchCIO) Looming regulations, changing consumer expectations and expanding threats are forcing company leaders to pay closer attention to data protection. Robert Herjavec, CEO of the Herjavec Group and star of NBC's 'Shark Tank,' explains how the trends have changed the C-suite's view of cybersecurity investment.

Bitcoin hammered to four-month low (CRN Australia) Continuing a downtrend after more negative headlines.

Zcash: life on the crypto roller coaster (TechCrunch) Suppressed in Japan. Championed in New York. Accused of betraying the billion-dollar community he created with an arcane and byzantine ritual, while accidentally solving — maybe — a transnational clandestine mining mystery. All this while leading the rollout of some of the world’s…

Intel now faces a fight for its future (The Verge) Brian Krzanich’s surprise departure sets Intel on a race to find a new CEO

Intel CEO Brian Krzanich's exit won't affect Intel right away (CRN Australia) Krzanich's time as CEO was a mixed bag.

Intel: The 3 Failures Of Brian Krzanich, Part 1 (Seeking Alpha) Intel's golden opportunity. Failure #1: mobile devices. Investor takeaways.

ZTE Can't Fix a Broken Urinal Because It's Not Sure If It's Banned From Buying American Products (Gizmodo) The story of Chinese telecommunication firm ZTE’s death and resurrection, both at the hands of the Trump administration, has taken another bizarre turn, this time resulting in employees having to hold in their pee. The company is opting not to fix urinal that requires parts from an American manufacturer for fear of breaching a ban on buying products from the US.

This quantum computing startup has just raised a big round (Washington Business Journal) QxBranch, a software developer with a focus on quantum computing, has raised close to $8.5 million, according to Securities and Exchange Commission filings.

ZenMate Launches a Crowdfunding Campaign on CrowdCube (PR Newswire) Cross reference: Picture is available at AP Images (http://www.apimages.com)...

McAfee mulls fresh IPO, acquisitions (CRN) Cybersecurity firm McAfee is looking at further acquisitions after buying security provider SkyHigh Networks this year and has not ruled out going public again to widen its options, its chief executive said.

SkyHigh not the limit of McAfee's ambition, IPO an option (Reuters) Cybersecurity firm McAfee is looking at further acquisitions after buying security provider SkyHigh Networks this year and has not ruled out going public again to widen its options, its chief executive said.

BAE's U.S. arm has 'no present plans to divest' services, CEO says (Washington Technology) BAE Systems' U.S. chief executive sees opportunities on the horizon in the government services market and has no plans to sell the business.

Lockheed expands to support the next-gen cyberwar (Fifth Domain) The Air Force is beginning to ramp up the competition for its cyber operations platform, and companies are responding.

Kaspersky moves core processes from Russia to Switzerland to regain trust (Rappler) The company is working toward regaining trust on the global stage after the US government banned the purchase of Kaspersky software due to reported ties with Russian intelligence firms

Products, Services, and Solutions

Comodo Cybersecurity Announces Partnership with FocusPoint Technologies, Bringing Enterprise-Class Security Solutions to SMBs (PR Newswire) Comodo Cybersecurity, the global leader in innovative cyber technology...

Palo Alto Networks opens cyber range in Australia (ComputerWeekly) The first of its kind in Asia-Pacific, the training facility will let Australian IT and security teams hone their skills through cyber security exercises

Cylance Extends Endpoint Security Deployment Options (eWEEK) Cylance brings its artificial intelligence-powered endpoint security platform to private networks.

Trustonic revolutionizes IoT security; Microchip leads adoption - Trustonic (Trustonic) Trustonic announces Microchip as the first customer to use its new Kinibi-M enhanced secure platform for microcontrollers

DRACOON and Safe-T Cooperate to Vanquish Unwanted Data Access (PR Newswire) DRACOON, an enterprise file sharing expert and leader in the...

SecZetta NE Profile Receives SailPoint Certification (PR Newswire) SecZetta, today announced that SecZetta NE Profile, a comprehensive...

Top 100 Best Technology Blogs For Developers To Follow in 2018 (Loud Programmer) If you are a seasoned software developer, then like me, you must have realized the need to keep yourself up to date with the latest technology trends, best practices as well as productivity tools in this dynamic tech environment.In so doing, you get to accomplish tasks more efficiently and beat your deadlines.Learning new technologies will …

Technologies, Techniques, and Standards

GDPR and the REAL impact on business (HackRead) The impact of the GDPR deadline will vary hugely between businesses but how to tackle this uncertain situation? Here are some steps.

An Up-to-Date Browser Should Keep Users Safe From Most Exploit Kits (BleepingComputer) The times when exploit kits (EKs) were known to be the breeding ground of new zero-days is long gone, and most EKs nowadays live off older vulnerabilities, meaning that keeping your browser, OS, and Flash Player up-to-date is enough to safeguard you from today's top web-based threats.

Facial recognition software is not ready for use by law enforcement (TechCrunch) Brian Brackeen Contributor Share on Twitter Brian Brackeen is the chief executive officer of the facial recognition software developer Kairos Recent news of Amazon’s engagement with law enforcement to provide facial recognition surveillance (branded ‘Rekognition’), along with the almost unbelievabl…

Israel Is Using Facebook And YouTube Data To Build A Huge Facial-Recognition Database (Wonderful Engineering) Facebook was under fire in the past few weeks for handling the personal data of users poorly. However, what other companies can do with that data is even scarier. Recently, another news surfaced that an

What War Games Tell Us About the Use of Cyber Weapons in a Crisis (Council on Foreign Relations) Recent U.S. war games have shown that decision makers are surprisingly reluctant to use cyber weapons during a crisis scenario that escalates into armed conflict. Why?

Estimating Cyber Risk For The Financial Sector (Seeking Alpha) By Christine Lagarde, Managing Director of the International Monetary Fund Cyber risk has emerged as a significant threat to the financial system. An IMF staff

Private sector needs a little sumthin' sumthin' to get it sharing threat intel – US security chap (Register) Sharing's caring, intone government bods

8 Security Tips for a Hassle-Free Summer Vacation (Dark Reading) It's easy to let your guard down when you're away. Hackers know that, too.

Design and Innovation

Improving security means killing the password, but that battle has just begun (KSWO) (in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Can industry help government make sense of artificial intelligence? (C4ISRNET) The House Emerging Threats and Capabilities Subcommittee wants to develop a private-public commission to inform applications of AI.

Why Cybersecurity is Looking to AI to Mitigate Business Risks (CTOvision.com) Malicious cyber attacks against government and private businesses have increased in frequency and severity over past years. Microsoft estimates the potential cost of cyber-crime to the global community at $500 billion and that breaches of data will cost the average company around $3.8 million. The unfortunate truth is that the cybersecurity industry is largely unprepared [...]

A Plea for AI That Serves Humanity Instead of Replacing It (WIRED) A new group formed by MIT's Media Lab and IEEE thinks artificial intelligence should complement human endeavors, not just serve the corporate bottom line

The Real 'Westworld' Villain Has Always Been Its Privacy Policy (WIRED) Those rich people really should have read the Delos terms of service.

Academia

New cybersecurity program to teach Burnaby students to foil hackers (Burnaby Now) A group of Burnaby students will soon have the skills to thwart online bad guys, thanks to a new cybersecurity program launching in the school district this fall. The Palo Alto Academy at Cariboo. . .

Government sponsors diversity cyber academy (ComputerWeekly) The UK government has awarded a grant for the establishment of a cyber academy to promote neurodiversity in the industry.

Legislation, Policy and Regulation

Spotlight: Israel touts itself among top five cyber powers after years of fighting cyberattacks (Zinhua) Israel has realized its goal of becoming one of the top five leading cyber powers in the world, Israeli Prime Minister Benjamin Netanyahu has touted.

DoD makes significant updates to cyber operations doctrine (Fifth Domain) The Pentagon has released an updated version of ts cyber operations doctrine for the first time in four years.

Can Congress Improve Our Cyber Deterrence Posture? (Lawfare) A close look at Section 1621 of the Senate’s proposed National Defense Authorization Act for 2019.

U.S. plans limits on Chinese investment in U.S. technology firms (Reuters) The U.S. Treasury Department is drafting curbs that would block firms with at least 25 percent Chinese ownership from buying U.S. companies with "industrially significant technology," a government official briefed on the matter said on Sunday.

Trump Plans New Curbs on Chinese Investment, Tech Exports to China (Wall Street Journal) President Trump, already embroiled in a trade battle with China, plans to ratchet commercial tensions higher by barring many Chinese firms from investing in U.S. technology and by blocking more technology exports to Beijing.

US faces 'unprecedented threat' from China on tech takeover (Business Standard) The National Intelligence Council's analysis, produced in April, described the Thousand Talents Plan as 'China's flagship talent programme and probably the largest in terms of funding.'

US says China using ‘Thousand Talents’ plan to seize expertise (South China Morning Post) Pentagon tells House Armed Services Committee programme is an aggressive, 10-part ‘toolkit for foreign technology acquisition’

Senators Cite ZTE Progress But No Deal After Trump Meeting (Bloomberg.com) Several GOP lawmakers said they and President Donald Trump made progress Wednesday toward a compromise that would let Chinese telecommunications giant ZTE Corp. stay in business while addressing lawmakers’ national security concerns.

Analysis | The Cybersecurity 202: GOP lawmakers want U.S. businesses to get out of business with Chinese telecom companies (Washington Post) They're focused on ZTE and Huawei.

Google Urged To Drop Huawei Collab Over Security Concerns (Law 360) A bipartisan group of U.S. lawmakers has asked Google to rethink its relationship with Chinese smartphone maker Huawei Technologies Co. Ltd., which some American intelligence officials have flagged as a national security threat.

Analysis | The Cybersecurity 202: Privacy advocates want Congress to fix gaps in Carpenter ruling (Washington Post) The Supreme Court sidestepped a few key issues.

Tesla's alleged rogue employee is exactly what Congress is worried about with self-driving cars (CNBC) The idea that a malicious insider could successfully tamper with software used in a manufacturing facility is fodder for worst-case scenarios.

Successfully Countering Russian Electoral Interference (Senter for Strategic and International Studies) Download the Brief The Issue The 2017 French presidential election remains the clearest failed attempt by a foreign entity to influence an electoral process in recent years.

Department of Homeland Security Scanning Utah’s Voting System For Weak Spots (KUER) Amid concerns over election hacking and other voting interference, Utah's polling systems have been put to the test by the Department of Homeland Security

Illinois finalizes its plans to prevent another Russian hack (Belleville News-Democrat) Illinois is set to receive $13.9 million in federal funds after Russian hackers breached the state's voter registration systems ahead of the 2016 election.

The Lawfare Podcast: Michael Hayden on 'The Assault on Intelligence' (Lawfare) Gen. Michael Hayden has served as the head of both the Central Intelligence Agency and National Security Agency—and he says that intelligence is under attack. In his latest book, “The Assault on Intelligence: American National Security in an Age of Lies,” Gen. Hayden argues that in what he calls a post-truth world, the United States needs its intelligence community now as much as ever. All the more reason to be concerned about the president’s repeated attacks on it.

Litigation, Investigation, and Enforcement

U.S. Supreme Court Rules Police Need Warrant for Most Cellphone Location Data (Wall Street Journal) The Supreme Court ruled that authorities need a search warrant before obtaining broad access to data that shows the location of cellphone users—except for emergencies—in a decision that furthers privacy protections in the digital age.

Supreme Court surveillance opinion nudges us to think nationally, act locally (Ars Technica) Op-ed: Think police have gone too far? Tell your city council. Seriously.

Whistleblower Explains How US Court Ruling to Affect NSA 'Treasure Map' Project (Sputnik) The US Supreme Court ruling upholding the right to digital privacy will destroy the National Security Agency’s "Treasure Map" project which is designed to map the entire global internet to locate all devices on earth, former NSA Technical Director and whistleblower Bill Binney told Sputnik.

US commerce secretary to assess ZTE espionage threat at senator’s urging (South China Morning Post) Ross promised Senator Ron Wyden a response ‘as promptly as possible’ while noting security issues were not his department’s area of concern

Britain Has a Russia Collusion Scandal Now. It Looks Exactly Like Trump’s. (Daily Intelligencer) Lies, secret meetings with Russians, covert financing, social-media bots. Putin did the same thing in Brexit as he did with Trump.

Silence on Russian election meddling frustrates lawmakers (POLITICO) Top Republicans and Democrats are pressing for details about allegations that Moscow aims to interfere in the midterms.

Russian hackers likely scanned election systems in all 50 states during 2016 race: Obama cyber czar (The Washington Times) Russian hackers likely probed election systems in all 50 states during to the 2016 U.S. presidential race, the Obama administration’s former cyber czar said Wednesday — more the double the number previously given by the Department of Homeland Security.

The Obama-Russia cyber-attack stand-down (American Thinker) Since the media have had almost endless coverage of supposed Russian collusion and Russian meddling in the 2016 election, shouldn't we get wall-to-wall coverage that the Obama chief cyber-official was ordered to stop investigating Russia's attack on the election months before the election?

Facing humiliation, Mueller backs away from prosecution of Russian entities (American Thinker) The Mueller special counsel investigation purportedly was instigated to discover possible illicit Russian influence on the 2016 presidential election but now is backing away from the only indictments aimed at Russian entities, leaving only alleged process crimes (such as General Flynn's alleged false statement to the FBI) and alleged crimes that occurred long before the Trump candidacy (such as Paul Manafort's Ukrainian connection).

Opinion: NSA leaker, Reality Winner, struck a plea dea (SOFREP) Reality Winner, the 26-year-old former NSA contractor and Air Force linguist who was arrested on espionage charges in 2017 is back in the news.

Crack Cyber Attack Cases ...with Terror Attack Investigation Tactics (Infosecurity Magazine) Five lessons on how to replicate terror investigations for the benefit of cyber.

Kerala Police to send civil officers for special training at Interpol (Moneycontrol) The prospective candidates for the Interpol training will be finalised by a panel headed by state police chief Loknath Behera.

Tesla fires back against alleged whistleblower: “He is nothing of the sort” (Ars Technica) Martin Tripp, who has yet to secure a lawyer, tells Ars he stands by his comments.

Ukraine: Four Arrested for Running Fake Crypto Exchanges (Cointelegraph) Ukrainian police have arrested a group of four men suspected of running six fake cryptocurrency exchanges.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

GovSummit (Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information sharing and education on security topics affecting federal, state and even local agencies.

The Cyber Security Summit: DC Metro (Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

Impact Optimize2018 (Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity. All of the information presented will be designed to facilitate growth and eliminate risk for organizations of all sizes and across all vertical markets, with security as the firm foundation of every solution. The event will include presentations by subject matter experts, breakout sessions among business leaders and live demonstrations of enterprise security and business software.

Nuclear Asset Information Monitoring and Maintenance (Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s strategic ability to leverage the appropriate people, processes and technology to achieve organisational goals through an enterprise wide integrated asset information strategy.

Cyber Security Summit 2018 (Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together with technology providers & distinguished information security experts. Learn from acclaimed security professionals on how to protect your business from cyber attacks during interactive Panels & Keynote presentations. Convene with fellow influential business leaders, C-Suite executives, investors & entrepreneurs over 3 days of sailing, sessions, and networking opportunities.

The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Health Cybersecurity Summit 2018 (Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency management agencies. Join executives, security professionals and elected officials for the Silicon Valley Leadership Group's Health Cybersecurity Summit on Friday, July 20, at Citrix Headquarters in Silicon Valley. Engage in a real-time cyber threat and response simulation, hone your digital defense skills, and learn about the unique security concerns faced by the healthcare industry and related infrastructure providers.

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims to provide a creative and productive platform for professionals in the field of cyber security.

SINET61 2018 (Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to Cybersecurity challenges.

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, community college students interested in learning about security or expanding their current knowledge, and students attending the 3CS Pre-Summit Job Fair and National Cyber League (NCL) on Thursday, August 2nd.

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological Education Connections (BATEC), which are all funded by the National Science Foundation (NSF). The outcomes of 3CS leverage community college cybersecurity programs across the nation by introducing the latest technologies, best practices, curricula, products, and more.

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included, among others, the CEO of GM Mary Barra and the U.S. Secretary of Transportation Anthony Foxx, resulting in media coverage from The New York Times and The Wall Street Journal and attracting 500 attendees. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event.

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days of technical Trainings (August 4 – 7) followed by the two-day main conference (August 8 – 9) featuring Briefings, Arsenal, Business Hall, and more.

Audit Your Digital Risk (Washington, DC, USA, August 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in Q2 2017 were focused on manufacturing. It's likely you have a cybersecurity program and team in place, but do you know how to assess your level of risk? Audit Your Digital Risk is designed for cybersecurity and audit professionals, risk managers, and others focused on protecting a company's people, assets, and IP.

DefCon 26 (Las Vegas, Nevada, USA, August 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege. We only accept cash - no checks, no money orders, no travelers checks. We don't want to be a target of any State or Federal fishing expeditions.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Taiwan hit by Chinese hacking. Lazarus Group update. WannaCry wannabe protection racket. BEC up. Cryptocurrency crime. Sino-American trade tensions.