The CyberWire Daily Briefing 6.27.18

Summary

By The CyberWire Staff

A major distributed denial-of-service (DDoS) attack is hitting Proton Mail and ProtonVPN. The affected service provider says a group linked to Russia is claiming responsibility. Its unclear whether the group is criminal or state-directed.

Palo Alto researchers describe Rancor, a new APT group engaged in cyberespionage against Singapore, Cambodia, and Thailand. Attribution isn't clear, but there's some circumstantial commonality between the backdoor Rancor is using and that employed by Chinese threat actors.

The EU is organizing a cyber response force that will coordinate the Union's reaction to incidents. The Declaration of Intent, proposed by Lithuania, has advanced and acquired more signatories.

An international law enforcement effort, Operation Keyboard Warrior, has resulted in the arrest of eight suspects as a business email compromise ring based in Africa is broken up.

Reality Winner's plea agreement in the case of classified material leaked to the Intercept calls for Ms Winner to serve five years and three months in prison. Her sentence will be formally imposed at a later date. Supporters of the 26-year-old NSA and Air Force alumna are asking that the court consider her service to her country in mitigation. She was undone and unmasked by microdots in the printed documents she proffered to journalists. Researchers at TU Dresden say they've developed a technique of masking such identifying marks, too late for Ms Winner, but soon to be on offer for future leakers.

No, it's not just you. For some reason, Slack went down this morning. Reasons for the outage are unclear.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Belgium, Cambodia, China, Croatia, Estonia, European Union, Finland, France, Germany, Greece, Israel, Lithuania, NATO/OTAN, Netherlands, New Zealand, Norway, Romania, Russia, Singapore, Slovenia, Spain, Thailand, Ukraine, United Kingdom, and United States.

Learn four incident response lessons from high-profile breaches.

Most enterprises know that they are constantly under attack but haven’t fully embraced some lessons to be learned from real-world, high-profile security incidents. Watch this free webinar, presented by experts from Coalfire and Arete Advisors, to learn four practical lessons that will help you avoid damaging losses and minimize negative impacts of cybersecurity incidents.

On the Podcast

In today's podcast we hear from our partners at Terbium Labs, as Emily Wilson tells us the story of a six-year-old dealing with identity theft. Our guest, Paul Aubin from Varonis, discusses protection of federal systems.

Sponsored Events

The Cyber Security Summit: DC Metro on June 28 and Seattle on July 19 (Washington, DC, United States, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95 VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, United States, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Group Tied to Russia Attacked ProtonMail (Infosecurity Magazine) ProtonMail was knocked offline for several hours during a DDoS attack.

RANCOR Cyber Espionage Group Uncovered (SecurityWeek) A cyber espionage group that has remained undetected until recently, has been targeting South East Asia with two previously unknown malware families, according to Palo Alto Networks.

NEW BEC Scheme Targets Companies Worldwide (Booz Allen Hamilton) How we found them, and how to protect yourself

PBot adware spams ads & installs cryptominer on Windows PCs (HackRead) The IT security researchers at Kaspersky have discovered an adware written in Python targeting Windows-based computers.

Cybercrime Firm Warns of Rising Reports of Fake WannaCry Ransomware (NewsBTC) Cybercrime involving cryptocurrencies is on the rise. Today, the U.K.’s national reporting center for fraud and cyber crime, Action Fraud, has issued warnings about a new phishing campaign using the infamous WannaCry ransomware.

FireEye hacked off at claim it hacked Chinese military's hackers (Register) Allegation in book mistook RDP recording for real world action, company asserts

FireEye Refutes Claims That It Hacked Back a Chinese APT (BleepingComputer) US cyber-security firm FireEye has denied claims that have been ramping up on social media all last week about illegally "hacking back" a Chinese nation-state cyber-espionage group.

Researchers: Last Year’s ICOs Had Five Security Vulnerabilities on Average (BleepingComputer) Security researchers have found, on average, five security flaws in each cryptocurrency ICO (Initial Coin Offering) held last year. Only one ICO held in 2017 did not contain any critical flaws.

Money-eating cash machine RAT gobbles $17,500 (Naked Security) RAT may be short for Remote Access Trojan, but the word also refers to a well-known type of rodent…

Cryptocurrency-Mining Bot Targets Devices With Running SSH Service via Potential Scam Site (TrendLabs Security Intelligence Blog) Our honeypot sensors, which are designed to emulate Secure Shell (SSH), Telnet, and File Transfer Protocol (FTP) services, recently detected a mining bot related to the IP address 192.158.228.46. The address has been seen to search for both SSH- and IoT-related ports, including 22, 2222, and 502. In this particular attack, however, the IP has landed on port 22, SSH service. The attack could be applicable to all servers and connected devices with a running SSH service.

Millions of Mobile Phones, Tablets Infected With 'Bad Bots' (NBC Bay Area) NBC Bay Area reviewed an eye-opening study, set for release Wednesday, that found millions of mobile phones and tablets are hosting 'bad bots' -- malicious software used discreetly by hackers.

School facial recognition system sparks privacy concerns (Naked Security) A New York school district is hoping to use technology to make its children safer. But not everyone is happy about it.

65% of secondhand memory cards contain previous owners' personal data (Comparitech) Researchers unearthed troves of personal information and sensitive materials including intimate photos, important documents, ID numbers, and contact lists.

Facebook’s Latest Problem: It Can’t Track Where Much of the Data Went (Wall Street Journal) Facebook’s internal probe into potential misuse of user data is hitting fundamental roadblocks: The company can’t track where much of the data went after it left the platform or figure out where it is now.

Facebook sends weekly app emails to wrong people (Naked Security) In another one of those privacy hiccups Facebook is making a habit of lately, the company has admitted accidentally copying some weekly app developer emails to the wrong recipients.

Hundreds of Hotels Affected by Data Breach at Hotel Booking Software Provider (BleepingComputer) The personal details and payment card data of guests from hundreds of hotels, if not more, have been stolen this month by an unknown attacker, Bleeping Computer has learned.

PDQ: We Have Been the Target of a Cyber-Attack (QSR magazine) Data breach affected the chicken chain for close to a year.

How to Avoid Card Skimmers at the Pump (KrebsOnSecurity) Previous stories here on the proliferation of card-skimming devices hidden inside fuel pumps have offered a multitude of security tips for readers looking to minimize their chances of becoming the next victim, such as favoring filling stations that use security cameras and tamper-evident tape on their pumps.

Slack Is Down and I've Never Felt Less Alive (Gizmodo) On Wednesday, Slack confirmed that users worldwide were experiencing difficulty connecting to the workplace messaging service, pledging to investigate the problem and provide updates soon.

Insider Dangers Are Hiding in Collaboration Tools (Dark Reading) The casual sharing of sensitive data, such as passwords, is opening the door to malicious insiders.

Security Patches, Mitigations, and Software Updates

Changes in WebAssembly Could Render Meltdown and Spectre Browser Patches Useless (BleepingComputer) Upcoming additions to the WebAssembly standard may render useless some of the mitigations put up at the browser level against Meltdown and Spectre attacks, according to John Bergbom, a security researcher at Forcepoint.

Microsoft Issues Advisory on Lazy Floating Point State Restore Security Issue (Redmond Magazine) Microsoft earlier this month issued an advisory for the 'lazy floating point state restore' security problem (CVE-2018-3665) that potentially could affect users of Windows and Intel Core processors.

Terrible passwords outlawed in Microsoft’s new Azure tool (Naked Security) Azure AD Password Protection prevents users from setting a password from the company’s list of 500 most common and easily-guessed examples.

macOS Mojave: A visual tour of Dark Mode and other major features (Ars Technica) Our months-long journey into Apple's new OS begins with a visual guide to what's new.

Twitter adds support for login verification with USB security key (Help Net Security) Twitter has moved to improve account security and has begun rolling out the "login verification with a security key" option.

Twitter puts a tighter squeeze on spambots (TechCrunch) Twitter has announced a range of actions intended to bolster efforts to fight spam and “malicious automation” (aka bad bots) on its platform — including increased security measures around account verification and sign-up; running a historical audit to catch spammers who signed up …

Sophos Patches Privilege Escalation Flaws in SafeGuard Products (SecurityWeek) Vulnerabilities in Sophos SafeGuard products allow attackers to escalate privileges and execute code with SYSTEM permissions

Mozilla's Firefox Monitor aims to keep your accounts safe (CNET) The tool will check your email address against a huge database of known data breaches.

Cyber Trends

Confidence wavers in face of evolving cybersecurity threats (Help Net Security) Attacks organizations believed themselves to be most susceptible to in 2017 are shifting in 2018, while the estimated cost of a breach is decreasing.

Farsight Security Global Internationalized Domain Name Homograph Report (Farsight) New report: Farsight Security Global Internationalized Domain Names Homograph Report Q2/2018 - examines the prevalence and distribution of IDN homographs across the Internet by analyzing 11 Million IDN resolutions over a 12-month period focused on over 450 global brands across 11 sectors including finance, retail, and technology.

Farsight Security Announces DNSDB API Key Portability Program (GlobeNewswire News Room) The single API key is platform agnostic, allowing security analysts to apply it to multiple threat intel platforms to strengthen overall security posture with powerful DNS data

Cyber warnings going ignored as 1 in 4 companies are still investigating alerts manually (BAE Systems | Cyber Security & Intelligence) New BAE Systems research shows half of mid-sized businesses name lack of skilled staff as top security monitoring concern.

Stock Exchange Tech Providers Slow to Embrace Blockchain (Wall Street Journal) Technology firms that provide IT infrastructure for stock markets and exchanges have been slow to embrace blockchain even as use of the distributed ledger technology spreads to retail, manufacturing, distribution and other sectors beyond Wall Street, Nasdaq Inc. said in a report Tuesday.

Cybersecurity Professionals Face Challenges on the Path to Automation, Reveals Juniper Networks and Ponemon Institute Report (Nasdaq) 70 percent of respondents say automation is very important for a successful security posture, but more than half are struggling with too many vendors and not enough skilled security personnel to implement

IT chiefs keep obsolete systems running just to keep data accessible (Help Net Security) 89 per cent of IT decision makers in UK enterprises admit they are keeping obsolete systems alive just to keep the historical data accessible.

Cyber security incidents could cost Aussie businesses $29B per year (ARN) Cyber risks lead 66 per cent of Australian businesses to put off digital transformation plans, with security incidents potentially costing organisations $29 billion.

Good News! The Privacy Wins Keep Coming (WIRED) From Carpenter v. United States to a landmark bill in California, privacy advocates sense a shift in what people will accept from Facebook, mobile carriers, and more.

Marketplace

High-Profile Ransomware is Making Boards Cyber Savvy (Infosecurity Magazine) SentinelOne finds funds are more likely to be released for security initiatives

I’m the Security Chief at Huawei. The U.S. Banning Us Won’t Make Americans Safer (Fortune) It could also hurt telecom service in rural areas.

The 9 Companies Behind the A.I. Acquisition Boom (Fortune) They've made more than 60 deals to scoop up talent and new tech.

First Women-Led Cybersecurity Venture Capital Firm Launches (Dark Reading) Chenxi Wang, former Forrester VP of research and Twistlock executive, heads up Rain Capital, with the intent to also help build new startups.

IQ Capital is raising £125M to invest in deep tech startups in the UK (TechCrunch) The rapid pace of technology innovation and applications in recent decades — you could argue that just about every kind of business is a “tech” business these days — has spawned a sea of tech startups and larger businesses that are focused on serving that market, and equally…

Level 39 boosts UK digital economy by connecting startups to investors (Techworld) Head of Level 39, Ben Brabyn shares what makes the UK's biggest tech hub different to accelerators

Balbix raises $20M for a predictive approach to enterprise cybersecurity (TechCrunch) Security breaches are a disaster for corporate companies, but good news if you’re someone who offers preventative solutions. Today in 2018, wide-ranging attacks on the likes of Equifax, Sony Pictures and Target have only added value to those charged with safeguarding companies. Balbix, one su…

Data Protection Firm BigID Raises $30 Million (SecurityWeek) BigID, a company that specializes in helping enterprises secure customer data and complying with regulations like GDPR, raises $30 million in a series B funding round

MORGAN STANLEY: These 3 tech stocks are set to win big as companies spend more on cybersecurity in response to GDPR and other data regulation (Business Insider) Morgan Stanley has high expectations for some cybersecurity companies, but it actually lowered its price target for Symantec after fewer chief security officers said they are using the 36-year-old software company's services.

Vodafone Selects Sandfly Security for the Xone (Sandfly Security) Sandfly Selected for Vodafone Xone Startup Accelerator Sandfly has been selected by Vodafone to participate in their highly regarded Xone accelerator program here in New Zealand. The Xone accelerator gives Sandfly the chance to work ...

Initial coin offerings - could they offer a safer way to invest? (Raconteur) Initial coin offerings could be the new crowdfunding - but without proper regulation they risk becoming the wild west of investment.

Products, Services, and Solutions

aelf adds first tech heavyweights to all-star blockchain Innovation Alliance (CryptoNinjas) aelf, the cloud computing, multi-chain blockchain network, has announced the first technology partners of the

Crowdfense Pays Out $4.5M to Security Researchers in Two Months (PR Newswire) Crowdfense has paid out $4.5 Million in the first two months of its public...

GlobalSign Launches Next-Generation IoT Identity Platform Addressing Critical IoT Device Security Requirements - SSL & Digital Certificates by GlobalSign (GlobalSign) GlobalSign’s solution enables highly scalable identity lifecycle management, including certificate issuance, renewal and revocation, device enrollment and flexible API-driven integrations

SonicWall Leans into Mid-Tier Enterprise Market for Next Phase of Company Growth, Leadership with Expansion of Disruptive Cloud-based Platform (SonicWall) Disruptive, enterprise-grade, cloud-based platform integrates next-generation endpoint, firewall and cloud application security with management, reporting, analytics and cyber threat visibility

Pulse Secure Launches Virtual Application Delivery Controller Solutions in Google Cloud Platform (GlobeNewswire News Room) Pulse Secure Virtual ADC extends application availability and protection to the Google Cloud Platform to help defend mission critical applications from advanced persistent threats

Hedera Hashgraph Joins Trusted IoT Alliance to Provide Fortune 500 Companies Early Access to Distributed Ledger Technology (Hedear Hashgaph) The Hedera hashgraph platform will offer a public, distributed ledger that enables globally distributed applications.

Datadog Accelerates DevSecOps, Zero Trust Strategy with Cyxtera’s AppGate SDP (Cyxtera) Cyxtera Technologies, the secure infrastructure company, today announced that Datadog, a leading monitoring platform for cloud-scale applications, has successfully implemented AppGate SDP, a network security solution that dynamically creates encrypted, one-to-one network connections for secure user access.

Accenture Security Builds Out Cyber-Resilience Capabilities (eWEEK) VIDEO: Tom Parker, managing director of Accenture Security, discusses how organizations can improve cyber-resilience with threat intelligence and coached breached simulations.

Chubb announces enhanced cyber response capabilities (Insurance Business) Insurer has expanded its incident response network and launched a mobile app and dedicated website

Threat X Extends Leading SaaS-Based WAF Solution with Enhanced Threat Detection and Neutralization Capabilities (BusinessWire) Threat X extends leading SaaS-based WAF solution with enhanced threat detection and neutralization capabilities.

ISRAEL/UKRAINE : BLER forges Israeli-Ukrainian interceptions alliance (Intelligence Online) Israel's Avnon Group recently teamed with the Ukrainian firm Cyberio to develop an interception and social network monitoring system.

VPN Comparative Test (AVTest) In April 2018, AV-TEST performed a test of Virtual Private Networks (VPN) solutions. VPNs have been reviewed in its different fields of p

The $5 Million Surveillance Car That Hacks iPhones From 500 Meters (Forbes) A Cyprus-based surveillance company claims to have built a car full of next-generation snooping kit that can infect Apple and Google phones from as far away as 500 metres.

Technologies, Techniques, and Standards

The Next Generation of Wi-Fi Security Will Save You From Yourself (WIRED) With better password security and idiot-proof IoT connections, WPA3 will make your internet experience much, much safer.

You used to build a wall to keep them out, but now hackers are destroying you from the inside (WIRED UK) How do you keep data dafe when the enemy has already breached your defences?

Why Bitcoin’s about to give up one of its closely guarded secrets (Naked Security) Roll up, roll up, the Bitcoin Core developers are finally set to reveal the cryptocurrency’s alert key.

Why agencies are shifting from cyberdefense to digital resilience (Fedscoop) A growing cadre of federal IT leaders recognize that fortifying their defenses is no longer enough to protect their agencies amid the rising tide of cyberthreats. The reality is that cybersecurity threats are evolving quicker than most agencies can respond. Nearly 7 in 10 federal civilian agency IT leaders — and more than half (55 …

Cyberbit Hosted a First Joint Cyberdefense Exercise for German and Israeli Financial Institutions (Markets Insider) Cyberbit Ltd., a world leading provider of cybersecurity simulation and IT/OT detection...

The Next Big Lesson for Security: Context is King (Infosecurity Magazine) We need higher-fidelity alerts contextualized across multiple facets of a system.

Here’s What Network Threat Hunting Means, Why It Matters, and How... (Bricata) Threat hunting is a way to identify threats that current security defenses are not detecting – and transition to a proactive rather than reactive security posture. This post defines network threat hunting, explains why it matters and offers expert tips for...

Security risks when adopting a cloud based phone system (Best in Australia) Unfortunately, the cloud does have its share of security problems – something that about 90% of companies are at least moderately concerned about.

Design and Innovation

Are Cryptocurrencies at Risk of Quantum Hacking? (Edgy Labs) Quantum computers are just over the horizon, and so is quantum hacking. Will cryptocurrencies be able to survive this next level of data security?

New Blockchain Claims It Is Resistant To Quantum Computing Attacks (BlockTribune) The QRL Foundation claims it has developed a Quantum Resistant Ledger, (QRL) a distributed ledger resistant to both traditional and quantum computing attacks. The QRL boasts that it is “cryptography with longevity, a post-quantum secure blockchain featuring a stateful signature scheme and unparalleled security.” Read more »

Talking to Google Duplex: Google’s human-like phone AI feels revolutionary (Ars Technica) Believe the hype—Google's phone-call bot is every bit as impressive as promised.

Research and Development

Researchers release app that masks printers' tracking dots (Help Net Security) Did you know that nearly all modern color laser printers put tracking patterns of tiny yellow dots on each piece of paper they print?

Kiwi partnership keeping a 'vigilant' eye on fraudsters (Security Brief) "While some systems claim to be using artificial intelligence to analyse transactions, this is the most sophisticated tool available in New Zealand."

Academia

US cyber defence challenge brought to Australia (iTnews) For high school students.

Legislation, Policy and Regulation

EU Set for New Cyber-Response Force (Infosecurity Magazine) Lithuanian proposal already has several member states on board

Norway’s National Security Agency warns IT industry about security obligations (ComputerWeekly) IT service providers serving organisations in Norway have received a timely reminder about their security obligations.

‘We need to be impatient’: Estonia’s No. 2 defense official dives into NATO priorities (Defense News) As a border state with Russia, Estonia is well aware it is ground zero for any potential conflict between Moscow and NATO.

GERMANY : Uncertainty over German cyber-attack capacities (Intelligence Online) A study by experts of the Bundestag's research department, the

China’s cyberlaw is unfair, dangerous – and a model to follow (South China Morning Post) Daniel Wagner says critics are right to say the law gives Chinese companies an unfair edge and raises important privacy concerns. The fear is that other countries are more likely to adopt this model than the EU’s more cumbersome one favouring rights protection

Lawmakers ask Commerce Department to clarify impact of ZTE ban on US firms (South China Morning Post) A group of lawmakers behind a campaign to reinstate the US ban on ZTE Corp have called on the Commerce Department to clarify how the sanctions affect American companies using products made by the Chinese telecom giant....

Washington Needs a New Solarium Project To Counter Cyberthreats (Foreign Policy) President Eisenhower confronted the unprecedented nuclear threat of the 1950s with a novel exercise. The United States needs a similar approach to tackle today's cyber…

Wargaming Moscow's Virtual Battlefield (The Cipher Brief) Bottom Line: Russian involvement in the information domain includes electronic warfare, espionage and active measures like disinformation, propaganda, psychological pressure, destabilization of society and influence of foreign media.

Don't Underestimate Economic Side of Russia's Cyber Warfare (The Cipher Brief) Russia knows how to spread chaos in American politics, but it may pose a far greater threat to the U.S. economy and the infrastructure it depends on

Trump Eases Demand for New Tools to Limit Chinese Investment (Wall Street Journal) President suggests he will rely on 1988 law being updated by Congress that lets U.S. review foreign investments

IEEE Calls for Strong Encryption (Dark Reading) Newly issued position statement by the organization declares backdoor and key-escrow schemes could have 'negative consequences.'

All the services get new cyber commanders (Fifth Domain) Each service cyber component command is getting a new commander relatively around the same time.

Whitworth Assigned to National Security Agency (SIGNAL) Rear Adm. Frank D. Whitworth, USN, will be assigned as deputy chief, tailored access operations (S-32), Signal Intelligence Directorate, National Security Agency, Fort Meade, Maryland.

Privacy Coins Are 'One of the Greatest Emerging Threats to U.S. National Security,' States US Congressman (Bitcoinist.com) The U.S. Secret Service is urging Congress to take a good look at privacy-focused cryptocurrencies like Monero and Zcash.

Litigation, Investigation, and Enforcement

NSA Leaker Winner Pleads Guilty. (Infosecurity Magazine) Contractor facing over five years behind bars

Reality Winner pleads guilty after being unmasked by microdots (Graham Cluley) Reality Winner, the US government contractor who leaked top secret documents about Russian hacking, has pleaded guilty.

Eight Arrested in Africa-Based Cybercrime and Business Email Compromise Conspiracy (US Department of Justice) In accordance with the Justice Department’s recent efforts to disrupt business email compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals, including many senior citizens, the Department announced Operation Keyboard Warrior, an effort coordinated by United States and international law enforcement to disrupt online frauds perpetrated from Africa. Eight individuals have been arrested for their roles in a widespread, Africa-based cyber conspiracy that allegedly defrauded U.S. companies and citizens of approximately $15 million since at least 2012.

Eight Arrested for Roles in Email Fraud Schemes (SecurityWeek) Eight individuals were arrested for their roles in a widespread, Africa-based business email compromise (BEC) operation.

Insider threat becomes reality for Elon Musk (CSO Online) Every company needs to worry about the insider threat and Tesla is no exception. Now, Tesla has sued former employee Martin Tripp for sabotage and intellectual property theft.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

CornCon IV: Quad Cities Cybersecurity Conference & Kids' Hacker Camp (Davenport, Iowa, USA, September 7 - 8, 2018) CornCon is a 2-day conference held in Davenport, Iowa including a professional development workshop on Friday and a full-day cybersecurity conference on Saturday. The workshop covers enterprise risk, privacy and security. The conference has a keynote track with top international speakers, and a technical track with cutting edge exploits, demos and presentations. There will be a hacker village, vendor expo, contests, t-shirts, food drinks and a great after party. There is also a Saturday kids' hacker camp running alongside the conference. "A little DEFCON in a corn field!"

upcoming Events

GovSummit (Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information sharing and education on security topics affecting federal, state and even local agencies.

The Cyber Security Summit: DC Metro (Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

Impact Optimize2018 (Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity. All of the information presented will be designed to facilitate growth and eliminate risk for organizations of all sizes and across all vertical markets, with security as the firm foundation of every solution. The event will include presentations by subject matter experts, breakout sessions among business leaders and live demonstrations of enterprise security and business software.

Nuclear Asset Information Monitoring and Maintenance (Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s strategic ability to leverage the appropriate people, processes and technology to achieve organisational goals through an enterprise wide integrated asset information strategy.

Cyber Security Summit 2018 (Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together with technology providers & distinguished information security experts. Learn from acclaimed security professionals on how to protect your business from cyber attacks during interactive Panels & Keynote presentations. Convene with fellow influential business leaders, C-Suite executives, investors & entrepreneurs over 3 days of sailing, sessions, and networking opportunities.

The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Health Cybersecurity Summit 2018 (Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency management agencies. Join executives, security professionals and elected officials for the Silicon Valley Leadership Group's Health Cybersecurity Summit on Friday, July 20, at Citrix Headquarters in Silicon Valley. Engage in a real-time cyber threat and response simulation, hone your digital defense skills, and learn about the unique security concerns faced by the healthcare industry and related infrastructure providers.

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims to provide a creative and productive platform for professionals in the field of cyber security.

SINET61 2018 (Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to Cybersecurity challenges.

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, community college students interested in learning about security or expanding their current knowledge, and students attending the 3CS Pre-Summit Job Fair and National Cyber League (NCL) on Thursday, August 2nd.

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological Education Connections (BATEC), which are all funded by the National Science Foundation (NSF). The outcomes of 3CS leverage community college cybersecurity programs across the nation by introducing the latest technologies, best practices, curricula, products, and more.

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included, among others, the CEO of GM Mary Barra and the U.S. Secretary of Transportation Anthony Foxx, resulting in media coverage from The New York Times and The Wall Street Journal and attracting 500 attendees. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event.

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days of technical Trainings (August 4 – 7) followed by the two-day main conference (August 8 – 9) featuring Briefings, Arsenal, Business Hall, and more.

Audit Your Digital Risk (Washington, DC, USA, August 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in Q2 2017 were focused on manufacturing. It's likely you have a cybersecurity program and team in place, but do you know how to assess your level of risk? Audit Your Digital Risk is designed for cybersecurity and audit professionals, risk managers, and others focused on protecting a company's people, assets, and IP.

DefCon 26 (Las Vegas, Nevada, USA, August 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege. We only accept cash - no checks, no money orders, no travelers checks. We don't want to be a target of any State or Federal fishing expeditions.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

DDoS against Proton Mail. Rancor APT hits Southeast Asia. EU cyber response force. BEC scammers nabbed. Leaker update.