The CyberWire Daily Briefing 6.26.18

Summary

By The CyberWire Staff

Romanian Defense Minister Mihai Fifor says the NATO member is under more-or-less continuous Russian cyberattack. In the UK, GCHQ's National Cyber Security Centre director Ciaran Martin offered a similar warning to Parliament yesterday, noting "a consistent rise in the appetite for attack from Russia on critical sectors."

Palo Alto Networks reports that the Chinese cyberespionage group "Tick," also known as "Bronze Butler," has been working to infect secure USB drives produced in South Korea with SymonLoader malware. The discovery has been reported as an attack on air-gapped systems, which in a sense it is, but not by any particularly exotic new method. A malicious payload on a USB drive is an old technique. The malware affects only systems running Microsoft Windows XP or Windows Server 2003, and Palo Alto doesn't believe the malware is part of any active campaign. The discovery, while apparently not of any urgent concern, does serve as a useful warning of supply chain risk.

David Sanger's new book, The Perfect Weapon, reports that Mandiant, now a unit of FireEye, hacked back into APT1's computers, gained access to the cameras on the attackers' laptops, and so observed them hacking in real time. FireEye says the account is based on a misunderstanding. Mandiant never hacked back at anyone, and everything it learned about APT1 (a watershed private-sector investigation of Chinese espionage) was obtained by "consensual security monitoring on behalf of victim companies."

Lawfare has an interesting round-up of private-sector contributions to emerging international norms of behavior in cyberspace.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Algeria, Australia, China, Democratic Peoples Republic of Korea, Republic of Korea, NATO/OTAN, Romania, Russia, United Kingdom, United Nations, United States, and and Vietnam.

Learn four incident response lessons from high-profile breaches.

Most enterprises know that they are constantly under attack but haven’t fully embraced some lessons to be learned from real-world, high-profile security incidents. Watch this free webinar, presented by experts from Coalfire and Arete Advisors, to learn four practical lessons that will help you avoid damaging losses and minimize negative impacts of cybersecurity incidents.

On the Podcast

In today's podcast, we hear from our partners at Lancaster University, as Daniel Prince discusses cascading failures in complex systems. Our guest, is Vikram Thakur from Symantec, reviews the VPNfilter router infestation.

And, if you haven't already caught it, give a listen to Recorded Future's podcast, Securing the C-Suite, produced in cooperation with the CyberWire.

Sponsored Events

The Cyber Security Summit: DC Metro on June 28 and Seattle on July 19 (Washington, DC, United States, Jun 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95 VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, United States, Oct 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Romania minister says country facing cyber-attacks (Fifth Domain) Romania faces Russian aggression on a daily basis in the Black Sea, and is fending off a wave of cyber-attacks and political interference, the defense minister said Monday.

Threat of cyber attack from Russia has intensified, British MPs told (The National) UK parliamentary committee heard evidence of evolving threats from states and criminals

China-linked Hackers Targeting Air-Gapped Systems: Report (SecurityWeek) A cyber espionage linked to China has been targeting a secure USB drive built by a South Korean defense company, likely in an attempt to compromise air-gaped systems, according to a report.

Air-Gapped Systems Targeted with Weaponized USBs (Infosecurity Magazine) A cyber-espionage group targets Japan and South Korea with malware.

Tick Group Weaponized Secure USB Drives to Target Air-Gapped Critical Systems (Palo Alto Networks Blog) Recently, Palo Alto Networks Unit 42 discovered the Tick group targeted a specific type of secure USB drive created by a South Korean defense company

American Cyber Security Firm FireEye Denies Hacking Chinese Military (Motherboard) In a new book, New York Times reporter David Sanger made the explosive claim that cybersecurity firm Mandiant hacked into the laptops of Chinese military hackers. Now FireEye, which owns Mandiant, has vehemently denied the claims.

Doing Our Part – Without Hacking Back (FireEye) In his new book, "The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age," author David E. Sanger chronicles numerous examples of the impact of cyber activities on geopolitical conditions.

Malware in South Korean Cyberattacks Linked to Bithumb Heist (Dark Reading) Lazarus Group is likely behind a spearphishing campaign containing malicious code to download Manuscrypt malware.

We are entering the twilight zone of cyber warfare (Financial Times) The risk of escalation is high as it is hard to know who is attacking whom or why

Mobile Devices Exposed to Spying via Malicious Batteries: Researchers (SecurityWeek) Researchers demonstrate how installing a malicious battery into a smartphone can allow attackers to harvest and exfiltrate sensitive data

"Wavethrough" Bug in Microsoft Edge Leaks Sensitive Information (SecurityWeek) A security vulnerability patched by Microsoft earlier this month in its Edge browser could be exploited via malicious or compromised websites to read restricted data.

Known Threat Actor Develops Malware Downloader (Infosecurity Magazine) Kardon Loader is a new malware downloader with full bot capabilities.

Meet MyloBot malware turning Windows devices into Botnet (HackRead) Dubbed MyloBot by researchers; the malware steals data from Windows PCs and make them part of a botnet to carry further attacks.

The Biggest Digital Heist in History Isn’t Over Yet (Bloomberg.com) It’s like something out of a movie.

Nintendo Switch hackers show hacking for mischief is alive and well (Naked Security) Think today’s hackers are only motivated by money? Think again. In the gaming world, there’s plenty of hacks-for-lulz on display.

How telework fuels the insider threat (Fifth Domain) Following several intelligence leaks, a large percentage of corporate executives and small business owners believe that data breach risks increase when employees work out of the office, a new study finds.

Number of Fake Homograph Domains Continues to Increase (Infosecurity Magazine) The number of IDN lookalike domain pages continues to increase

IRS’ Rush to Secure Exposed Taxpayer Data Left It Vulnerable Again (Nextgov.com) Personal information about more than 350,000 taxpayers was compromised in 2015. Three years later, it’s still not secure.

What is a zero-day exploit? A powerful but fragile weapon (CSO Online) A zero-day is a security flaw that has not yet been patched by the vendor and can be exploited. These vulnerabilities fetch high prices on the black market

The Pirate Bay stays down - Here's how to access its Dark Web domain (HackRead) The Pirate Bay is down but its dark web domain is online and here is how you can access The Pirate Bay on the dark web.

1.7 Million Phishing Emails Blocked in June: Barracuda Networks (Dark Reading) Brand-name spoofing still a popular tactic to lure victims into giving up their login credentials and payment card information, new data shows.

AT&T collaborates on NSA spying through a web of secretive buildings in the US (TechCrunch) A new report from The Intercept sheds light on the NSA’s close relationship with communications provider AT&T. The Intercept identified eight facilities across the U.S. that function as hubs for AT&T’s efforts to collaborate with the intelligence agency. The site first identifie…

Security Patches, Mitigations, and Software Updates

Oracle Patches New Spectre, Meltdown Vulnerabilities (SecurityWeek) Oracle starts releasing software and microcode updates for products affected by the recently disclosed Spectre and Meltdown variants, namely Variant 3a and Variant 4

Rockwell Patches Flaw Affecting Safety Controllers From Several Vendors (SecurityWeek) Researchers warned in April of a serious DoS flaw affecting safety controllers from several major vendors. Rockwell Automation has now released a patch

Samsung Galaxy S9 Line Receives June Security Patch On Verizon (AndroidHeadlines.com) Verizon started distributing an optimized version of Google's June 2018 Android security patch to all Galaxy S9 and Galaxy S9 Plus units on its network,

Hyperthreading under scrutiny with new TLBleed crypto key leak (Ars Technica) A new attack prompted OpenBSD's developers to disable hyperthreading by default.

Cyber Trends

Cyber attack could cost bank half of its profits, warns IMF (Internet of Business) Cyber risk has emerged as a significant threat to the financial system, according to a new report from the International Monetary Fund (IMF). Although hardly a day goes by without another report warning of the dangers of cyber attacks, a new IMF modelling exercise has estimated that financial institutions’ average annual losses from cyber-attacks could …

Bot-driven credential abuse, DDoS attacks continue to rise (Help Net Security) Researchers tracked advanced techniques that show the influence of intelligent, adaptive enemies who change tactics to overcome the defenses in their way.

Midsized Organizations More Secure Than Large Ones (Dark Reading) New report offers data and analysis as to why midsized organizations hit a cybersecurity sweet spot in terms of security efficacy.

The State of Digital Lifestyles 2018 (Limelight Networks) Consumers Are Optimistic About Online Digital Technology

Human Behavior Risk Analysis Downloadable Report (Wiretap) Get the 'Human Behavior Risk Analysis' report in your inbox to receive specific insights and benchmarks on employee behavior that could be threatening your organization's security, compliance and culture.

Marketplace

Andreessen Horowitz Lends Credence to Crypto With New Fund (WIRED) The high-profile venture capital firm hires its first female general partner, a former federal prosecutor, to manage the $300 million fund.

Andreessen Horowitz has a new crypto fund — and its first female general partner is running it with Chris Dixon (TechCrunch) Silicon Valley powerhouse Andreessen Horowitz (a16z) has some big, and bigger, news today. First, it closed a dedicated crypto fund late last week from a subset of its limited partners, who’ve provided the firm with $300 million in capital commitments. The fund had become the worst-kept secre…

Quantum Xchange Launches First Quantum Network (QuantumXC) Quantum Xchange raises $10 Million Series A from New Technology Ventures to bring its QKD network and patent-pending trusted node technology to market. This is the first quantum, fiber-optic network in the United States and commercial Quantum Key Distribution (QKD) service for quantum-safe data protection.

Ping Identity Acquires Elastic Beam and Launches New AI-Driven Solution to Secure APIs (Digital Journal) Ping Identity, the leader in Identity Defined Security, today announced

Telos Corporation Awarded $45 Million Contract to Modernize Army Communications Systems in Pacific Region (BusinessWire) US Army has selected Telos Corporation to support migration and modernization of VoIP communications throughout the Pacific region.

How under pressure IBM thinks it has reinvented itself for the AI, quantum and blockchain era (Financial Review) At almost 107 years-old, IBM has faced accusations of lacking fresh vision, yet despite revenue falls and redundancy rounds it believes it has positioned itself to lead future trends.

Forcepoint Opens Cork Centre On Albert Quay (BizPlus) Cybersecurity company Forcepoint has opened a Centre of Excellence in Cork which will concentrate on new product development.

Intel Names Window Snyder as Chief Software Security Officer (Dark Reading) The microprocessor giant hires security veteran credited with leading both Microsoft's and Apple's security advancements.

Cybersecurity Innovator Selects COPT’s Columbia Gateway for Headquarters Location (Business Wire) Corporate Office Properties Trust (“COPT” or the “Company”) (NYSE: OFC) has executed an 18,000 square foot lease with The Maryland Innovation and Security Institute (“MISI”) in the Columbia Gateway Business & Innovation Center in Columbia, Maryland.

Products, Services, and Solutions

Ping Identity Improves Customer Experience for Global Enterprises with Adaptive Authentication Enhancements (Ping Identity) Ping Identity, the leader in Identity Defined Security, today announced major enhancements to PingFederate and PingID SDK that improve the authentication flow and make it easier to natively provide adaptive authentication within consumer-facing mobile applications.

Ping Identity Makes it Easy to Modernize Legacy IAM Systems (Ping Identity) Ping Identity, the leader in Identity Defined Security, today announced a new product and features designed to simplify the transition to its identity and access management (IAM) solution.

Brave browser starts feeding ads to willing guinea pigs (Naked Security) Hands up who wants to sign up to receive advertising as they browse the internet? Probably no-one, and yet that’s exactly what the new Brave browser is asking its users to do.

Microsoft brings immutable storage to Azure blobs (CRN Australia) Encouraging regulated industries to move sensitive data to the cloud.

Yubico launches FIPS 140-2 validated YubiKey series (Help Net Security) YubiKey FIPS 140-2 covers the use of cryptographic functionality such as encryption, authentication, and digital signatures.

Technologies, Techniques, and Standards

Threat Sketch, with Funding and Support from the Department of Homeland Security, Releases Nonprofit Cybersecurity Guide (PR Newswire) Threat Sketch, a cybersecurity firm specializing in small business...

WPA3 Brings New Authentication and Encryption to Wi-Fi (Dark Reading) The Wi-Fi Alliance officially launches its latest protocol, which offers new capabilities for personal, enterprise, and IoT wireless networks.

The Next Generation of Wi-Fi Security Will Save You From Yourself (WIRED) With better password security and idiot-proof IoT connections, WPA3 will make your internet experience much, much safer.

GDPR: Don’t Rest on Your Data, We’ve Only Just Begun (Infosecurity Magazine) A month in, GDPR is not a set-it-and-forget it regulation.

In non-startling news, EFF says STARTTLS email crypto is mostly done wrong (Regoster) And so it's trying to kick off an effort to fix that up, because security and privacy matter

Kantara welcomes IDESG to enhance protection of online identities (Help Net Security) Kantara Initiative continues to be focused on improving use of identity and personal data through innovation, standardization and good practice.

American Association of Water Distribution & Management (AAWDM) critical infrastructure video (Control Global) The water industry doesn’t have an organization that specifically addresses risk the same way it is done in other industries. As such this new organization, AAWDM, is making a series of videos.

Industrial IoT: Protecting the Physical World from Cyber Attacks (SecurityWeek) Industrial IoT in the enterprise expands the threat landscape by opening up new vulnerabilities that can be exploited across endpoints, applications, cloud infrastructure and networks.

WebAssembly: potentials and pitfalls (Forcepoint) We at Forcepoint have recently touched on the topic of WebAssembly (also known as WA or Wasm). Part of this effort was discussed briefly in an earlier blog post on in-browser coin mining. Today we are going to talk more about the basics of Wasm, and discuss some of the security implications of this new technology. More posts will follow in this series. Later, we will make another post on reverse-engineering a basic Wasm file.

Mattis declares vigilance to be the best cyber defense (Federal Times) Secretary of Defense James Mattis has issued a memo warning the department’s employees of the consequences for poor cyber hygiene in a world where secrets can fall into the hands of digital intruders.

Army trying to keep up with ‘changing character of war’ (FederalNewsRadio.com) As the Army shifts its focus from violent extremist organizations to near-peer adversaries per the national defense strategy, staying on top of emerging domains and technologies will be what keeps it in a position of dominance going into the future.

Top Tech Companies Met With Intelligence Officials to Discuss Midterms (NYTimes) A meeting in May was meant for a discussion of foreign meddling in this year’s midterm elections. But some tech officials left frustrated.

Managing and maintaining security in the enterprise (Help Net Security) Utilizing tools and services that exist to protect IT systems should be the first step in maintaining security and minimizing risk in the enterprise.

Secure Code: You Are the Solution to Open Source's Biggest Problem (Dark Reading) Seventy-eight percent of open source codebases examined in a recent study contain at least one unpatched vulnerability, with an average of 64 known vulnerabilities per codebase.

What Metrics Should Enterprises Focus On to Improve Cybersecurity? (eSecurity Planet) VIDEO: Dmitri Alperovitch, co-founder and CTO of CrowdStrike, says simply focusing on malware prevention isn't enough for modern cybersecurity.

Analysis | The Cybersecurity 202: Maryland ballot snafu offers lessons in how to respond to an election hack (Washington Post) As many as 80,000 voters will have to cast provisional ballots.

Research and Development

Finally, a Problem Only Quantum Computers Will Ever Be Able to Solve (WIRED) Computer scientists have been searching for years for a type of problem that a quantum computer can solve but that any possible future classical computer cannot. Now they’ve found one.

Royal Bank of Canada and Ben-Gurion University Enter Into Cyber Security Partnership (PR Newswire) The Royal Bank of Canada (RBC) and BGN Technologies,...

Academia

Internet shut down in Algeria to stop exam cheats (Naked Security) It’s exam time again, and aside from panic and caffeine-fuelled all-nighters, that can only mean one thing: A lot of people are getting their internet shut off.

Northrop Grumman Expands Youth Cyber Education Program into Australia with CyberTaipan (Northrop Grumman Newsroom) Northrop Grumman Corporation (NYSE: NOC) has introduced CyberTaipan, a national cyber defence competition for Australian youth designed to encourage interest in technical fields. The Hon Angus Taylor MP, Minister for...

Legislation, Policy and Regulation

Private Sector Cyber-Norm Initiatives: A Summary (Lawfare) In the wake of the U.N.’s failure to articulate new norms on cyber governance, the private sector is developing its own ideas.

Vietnam New Cyber Security Law (CyberDB) Vietnam’s National Assembly passed a new cyber security law that has generated much concern for its stringent restrictions on popular social media.

House passes bill to addressing industrial cybersecurity (TheHill) House lawmakers approved legislation Monday aimed at securing technology used to power critical infrastructure from cyberattacks.

Litigation, Investigation, and Enforcement

Rights Groups: EU States Ignored CJEU Mass Surveillance Rulings (Infosecurity Magazine) Non-targeted bulk data retention still widespread, say activists

Opinion | The Supreme Court just struck a blow against mass surveillance (Washington Post) Requiring a warrant will change bulk collection.

Tesla Breach: Malicious Insider Revenge or Whistleblowing? (SecurityWeek) A breach of Tesla's Manufacturing Operating System was a mainstream malicious insider attack -- but there may be more to it than meets the eye.

Mueller Poised to Zero In on Trump-Russia Collusion Allegations (Bloomberg.com) Special Counsel Robert Mueller is preparing to accelerate his probe into possible collusion between Donald Trump’s presidential campaign and Russians who sought to interfere in the 2016 election, according to a person familiar with the probe.

What did Peter Strzok do? (TheHill) As former top FBI official Peter Strzok faces congressional requests to testify, it’s worth examining who he is.

Millions of UK voices stored by HMRC (BBC News) Privacy campaigners say 5.1 million Britons have had their voices stored without permission.

Senator to FCC: How much do police stingrays drain a cellphone battery? (Ars Technica) "If the Commission does not conduct or require testing, please explain why…"

Dem Chief Of Staff Tried To Expose Suspected Theft Ring On Capitol Hill, Was Met With Resistance (Daily Caller) 'It looked like Christmas with Apple TV's, iPods, etc. scattered around the room'

An Overwatch hacker in South Korea just got sentenced to a year in prison (TechCrunch) A 28-year-old man in South Korea faces a year in prison for hacking Overwatch . The sentence, reported by South Korea’s SBS News and Dot Esports, handed the hacker one year in prison and two years of probation for illicit activity related to the hit online multiplayer game. The particularly s…

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

CornCon IV: Quad Cities Cybersecurity Conference & Kids' Hacker Camp (Davenport, Iowa, USA, Sep 7 - 8, 2018) CornCon is a 2-day conference held in Davenport, Iowa including a professional development workshop on Friday and a full-day cybersecurity conference on Saturday. The workshop covers enterprise risk, privacy and security. The conference has a keynote track with top international speakers, and a technical track with cutting edge exploits, demos and presentations. There will be a hacker village, vendor expo, contests, t-shirts, food drinks and a great after party. There is also a Saturday kids' hacker camp running alongside the conference. "A little DEFCON in a corn field!"

HoshoCon 2018 (Las Vegas, Nevada, USA, Oct 9 - 11, 2018) Over 3 days, attendees will gain firsthand knowledge about blockchain security. You are invited to converse with technologists working on blockchain and cryptocurrency projects, hear key insights from industry leading security experts and participate in developer workshops. Hosho is lucky to call Las Vegas home, and as our guests, you will be treated to unique content, valuable networking opportunities and the entertainment that only Vegas can offer. We can’t wait to see you there.

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, Nov 2, 2018) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina and beyond. RETR3AT goes beyond the “1s and 0s” approach to cybersecurity training, challenging attendees to think about how to lead in protecting their organization’s information within an ethical framework.

upcoming Events

GovSummit (Washington, DC, USA, Jun 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information sharing and education on security topics affecting federal, state and even local agencies.

The Cyber Security Summit: DC Metro (Tysons Corner, Virginia, USA, Jun 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

Impact Optimize2018 (Rosemont, Illinois, USA, Jun 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity. All of the information presented will be designed to facilitate growth and eliminate risk for organizations of all sizes and across all vertical markets, with security as the firm foundation of every solution. The event will include presentations by subject matter experts, breakout sessions among business leaders and live demonstrations of enterprise security and business software.

Nuclear Asset Information Monitoring and Maintenance (Warrington, England, UK, Jul 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s strategic ability to leverage the appropriate people, processes and technology to achieve organisational goals through an enterprise wide integrated asset information strategy.

Cyber Security Summit 2018 (Newport, Rhode Island, USA, Jul 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together with technology providers & distinguished information security experts. Learn from acclaimed security professionals on how to protect your business from cyber attacks during interactive Panels & Keynote presentations. Convene with fellow influential business leaders, C-Suite executives, investors & entrepreneurs over 3 days of sailing, sessions, and networking opportunities.

The Cyber Security Summit: Seattle (Seattle, Washington, USA, Jul 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Health Cybersecurity Summit 2018 (Santa Clara, California, USA, Jul 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency management agencies. Join executives, security professionals and elected officials for the Silicon Valley Leadership Group's Health Cybersecurity Summit on Friday, July 20, at Citrix Headquarters in Silicon Valley. Engage in a real-time cyber threat and response simulation, hone your digital defense skills, and learn about the unique security concerns faced by the healthcare industry and related infrastructure providers.

Global Cyber Security Summit (Kathmandu, Nepal, Jul 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims to provide a creative and productive platform for professionals in the field of cyber security.

SINET61 2018 (Melbourne, Victoria, Australia, Jul 31 - Aug 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to Cybersecurity challenges.

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, Aug 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, community college students interested in learning about security or expanding their current knowledge, and students attending the 3CS Pre-Summit Job Fair and National Cyber League (NCL) on Thursday, August 2nd.

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, Aug 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological Education Connections (BATEC), which are all funded by the National Science Foundation (NSF). The outcomes of 3CS leverage community college cybersecurity programs across the nation by introducing the latest technologies, best practices, curricula, products, and more.

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, Aug 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included, among others, the CEO of GM Mary Barra and the U.S. Secretary of Transportation Anthony Foxx, resulting in media coverage from The New York Times and The Wall Street Journal and attracting 500 attendees. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event.

Black Hat USA 2018 (Las Vegas, Nevada, USA, Aug 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days of technical Trainings (August 4 – 7) followed by the two-day main conference (August 8 – 9) featuring Briefings, Arsenal, Business Hall, and more.

Audit Your Digital Risk (Washington, DC, USA, Aug 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in Q2 2017 were focused on manufacturing. It's likely you have a cybersecurity program and team in place, but do you know how to assess your level of risk? Audit Your Digital Risk is designed for cybersecurity and audit professionals, risk managers, and others focused on protecting a company's people, assets, and IP.

DefCon 26 (Las Vegas, Nevada, USA, Aug 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege. We only accept cash - no checks, no money orders, no travelers checks. We don't want to be a target of any State or Federal fishing expeditions.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Russian cyber threat warnings. Air-gapped hack not so scary. No hacking back for FireEye. International cyber norms.