The CyberWire Daily Briefing 7.5.18

Summary

By The CyberWire Staff

Iranian threat group Charming Kitten is building bogus websites purporting to be connected with Clearsky, the Israeli firm that's been tracking Charming Kitten for some time. Clearsky says the malicious site uses the URL clearskysecurity\[dot]net. The phishbait being dangled is Clearsky's reporting on the Iranian APT: the threat group copied pages from Clearsky's public reports and changed one of them to offer a "sign-in" option.

Hamas has succeeded in compromising smart phones belonging to Israeli soldiers by using a catphish on a dating app.

Facebook has received unpleasant scrutiny over its sharing of user data with third-parties. It appears that Google may have shared data originating with Gmail users. In this case, Google has enabled certain developers to access not just Gmail metadata, but the contents of emails themselves. It seems that Gmail users gave Mountain View permission to share reading rights to their emails when they agreed to the EULA.

Pirate Bay, which had been offline for about a week, has returned. Unfortunately it's returned with a cryptojacker added to its features.

Huawei has patched a TLS crypto bug affecting several products.

The European Union resumes deliberation over its proposed copyright law, regarded by opponents as a meme-killer at the very least, possibly worse. Sir Paul McCartney likes the law, but others do not: Wikipedia's Spanish, Italian, and Polish language service has been suspended in protest.

ZTE gets enough relief from US sanctions to update some of its products.

President Trump's tweeting scolds NSA over phone-call collection ("witch hunt").

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, European Union, Iran, Israel, Italy, Mexico, New Zealand, Poland, Russia, Saudi Arabia, Spain, United Arab Emirates, United Kingdom, United States

Is your malware lab a pain to use? Want a ridiculously easy to use malware lab?

Security teams who use a cloud browser can reduce the time spent investigating cases by more than 50%. Instead of wasting time spinning up a VDI, using Tor or connecting to a jumpbox, get online in seconds with Silo, a secure cloud browser and egress from hundreds of points of presence around the world.

On the Podcast

In today's podcast, we hear from our partners at Accenture, as Justin Harvey shares some thoughts on quantum computing and its implications for security. Our guest, Gadi Naveh from Check Point Software, takes a look at open source security tools.

Sponsored Events

The Cyber Security Summit: Seattle on July 19 and Chicago on August 29 (Seattle, Washington, United States, July 19, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The NSA, Dell, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350).

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Iranian Attackers Spoof Security Site for Phishing Lure (Infosecurity Magazine) An Iranian APT group has been spotted building a phishing site, using a cybersecurity company which outed it as a lure.

Hamas Uses Fake Dating Apps to Infiltrate Israeli Military (Infosecurity Magazine) IDF claims to have found sophisticated spyware operation

Geodo Malware Targets Patriots with Phishing Attack on Eve of American Independence Day Holiday (Cofense) A classic phishing technique involves timing attacks to match major holidays and other global and regional events. One example of this scenario in a phishing attack captured by Cofense Intelligence™ delivering the Geodo botnet malware on July 3, 2018. In this attack the threat actor appeals to the patriotic nature of the Fourth of July holiday and recipients’ sense of patriotism in its content. In these messages, the attacker reminds the recipient of the sacrifices of American service member as part of a narrative designed to entice victims to click on the link in...

Scans Reveal 13 Million Internet-Exposed Databases (BankInfo Security) Old technology never dies, but rather fades "very slowly" away, as evidenced by there being 21 million FTP servers still in use, says Rapid7's...

Facebook gave certain companies special access to customer data (Naked Security) What do Mail.ru, Nissan, Spotify, and Nike have in common? They were all afforded temporary extensions to access private Facebook data API.

Someone else is reading your Gmails (Naked Security) Remember when privacy advocates used to worry about Google scanning your email? Well now, they have another problem on their hands: real people reading them.

How to See Which Apps Can Read Your Gmail (Motherboard) Third party app developers read user emails, the Wall Street Journal reported, raising questions about Google’s oversight.

Phishing tales: Microsoft Access Macro (.MAM) shortcuts (Posts By SpecterOps Team Members) Previously, I blogged about the ability to create malicious .ACCDE Microsoft Access Database files and using them as a phishing vector…

Bigger, Faster, Stronger: 2 Reports Detail the Evolving State of DDoS (Dark Reading) DDoS attacks continue to plague the Internet, getting bigger and more dangerous. And now, the kids are involved.

When your personal data is stolen, you’re the last to know (Quartz) It's a process that's become depressingly routine.

The Pirate Bay is silently mining cryptocurrency without user consent (HackRead) After being offline for over a week the torrenting giant The Pirate Bay is back online with a cryptocurrency mining code.

Linux targeted by illicit cryptocurrency miners (ComputerWeekly.com) Cryptojacking is increasingly being used by cyber criminals to raise funds, Watchguard report reveals.

New Cybersecurity Report Notes Rising Cases of Cryptojacking Attacks on Linux Devices (Bitcoinist.com) A recent internet security report from an independent cybersecurity firm has highlighted the growing threat of crypto-mining malware. Its findings Rising cases of cryptojacking, including attacks on devices running Linux have been noted in a new cybersecurity report.

Cryptocurrency heists soar as hackers steal £577m in six months (The Telegraph) A record amount of cryptocurrency has been stolen from online exchanges in the first half of 2018, according to a study into online heists.

Wiltshire pair poisoned by Novichok nerve agent (BBC News) They were exposed to the same substance as ex-Russian spy Sergei Skripal and his daughter Yulia.

Brain injury, sound-attack fears spread in China as more Americans evacuated (Ars Technica) Officials are still baffled amid new cases and reports of abnormal sounds, sensations.

Really dumb malware targets cryptocurrency fans using Macs (Ars Technica) A command spread through Slack and Discord channels to cryptocurrency users is a trap.

Tech-support scammers revive bug that sends Chrome users into a panic (Ars Technica) Similar bugs reportedly affect Firefox and other browsers, too.

Samsung Investigates Claims of Spontaneous Texting of Images to Contacts (Threatpost) After users complained online that their Galaxy devices are randomly sending photos to contacts, Samsung said it isn't a hardware or software issue.

Perth-based Cyanweb Solutions hit by "criminal hacking", website data and backups lost (CRN Australia) “Worst-case scenario” at Cyanweb Solutions.

Tamil Guardian website back online after cyber attack (Tamil Guardian) After almost a month, the Tamil Guardian website has come back online this morning, following a malware attack on the site.

Your private data goes for as little as a $1 on the dark web (CNBC) Your private information, from bank account numbers to Social Security cards, can be sold on the dark web, a hidden part of the internet where cyber crime is rampant.

How Pseudonymous Reputation and the Dark Web Have Made Cybercrime Easier Than Ever (Infosecurity Magazine) Today an array of marketplaces, infrastructure, and technology empower much more ordinary actors to commit crime on a massive scale with impunity.

Singtel rules out cyber attack as cause of 3½-hour outage (The Straits Times) Singtel is still investigating the root cause of a fibre broadband outage that saw its users cut off from Web surfing for 3½ hours yesterday morning, but it has ruled out a cyber attack.. Read more at straitstimes.com.

Security Patches, Mitigations, and Software Updates

How Microsoft helped neuter ‘double zero-day exploit’ before anyone was infected (CSO) Exploits like these are exactly why you should upgrade to Windows 10, says Microsoft.

Huawei enterprise comms kit has a TLS crypto bug (Register) You don't want insecure kit from a vendor the Pentagon hates, do you?

Millions of websites using HTTP may be labeled “Not Secure” with July Google Chrome update - DigiCert (DigiCert) DigiCert supports Google action to improve user security and offers free tools to help admins LEHI, Utah (July 3, 2018) — DigiCert Inc., the leading global provider of SSL/TLS certificates and other PKI solutions for securing web traffic and the Internet of Things (IoT), is providing industry guidance that millions of websites are not encrypted …

Cyber Trends

Halfway Through 2018, How Are All Those Cybersecurity Predictions... (Bricata) Earlier this year, we rounded up 20 security predictions for 2018 from across the industry. As we are nearing the halfway mark of the year, we thought it might be useful to revisit those predictions and see how they were panning out. Here we look back at the first three predictions – and the...

Truth, lies and data breaches (CRN Australia) Cybersecurity expert Troy Hunt shines a light on some facts surrounding hacks.

One Big Unintended Consequence of Protecting Cyber Privacy in the West (The Bull) In late May, people in Europe were blocked from US news sites such as the Los Angeles Times.

Top six security and risk management trends (Help Net Security) Security leaders should take advantage of six emerging trends, to improve their organization’s resilience while elevating their own standing.

How connected and secure is the modern workplace? (Help Net Security) What do employees want from a modern workplace and how well-placed are businesses to satisfying their requirements? Read on to find out.

Machine Learning, Cloud, Compliance and Business Awareness Drive Cybersecurity (Infosecurity Magazine) Gartner determine the six trends that it sees driving cybersecurity forward

Security Automation Soars to Top of Agenda (Infosecurity Magazine) Security orchestration, automation and response platforms need careful consideration in easing the security management burden.

Bill Clinton's cyber-attack novel: The airport haxploit-blockbuster you knew it would be (Register) Wannabe Die Hard with the literary genius of The Da Vinci Code

Marketplace

A cybersecurity fund has returned more than 30 percent since the Equifax data breach (CNBC) Since the Equifax hack last year, cybersecurity stocks have quietly outperformed amid market turmoil

Facebook confirms acquisition of London-based Bloomsbury AI (Computing) Facebook scoops up natural language processing start-up for up to $30m

TransUnion Completes Acquisition of iovation (GlobeNewswire News Room) TransUnion (NYSE:TRU) announced today that it has completed the acquisition of iovation, one of the most advanced providers of device-based information in the world, strengthening its leadership position in fraud and identity management.

Claranet Acquires Training & Pen Test Experts NotSoSecure (Infosecurity Magazine) Deal sees ethical hacking training provider and penetration testers join the Claranet portfolio

Israel's ThetaRay raises over $30 million for money laundering... (Reuters) Israel's ThetaRay, which uses mathematics to provide early detection from cyber threats, has completed a fundraising round of over $30 million, bringing the total amount raised to date to more than $60 million.

Navigating an Uncharted Future, Bug Bounty Hunters Seek Safe Harbors (Threatpost) More companies are looking to adopt "safe harbor" language in their bug bounty programs to build trust with participants.

Comodo CA Announces New World Headquarters (Dark Reading) Today, Comodo CA, a worldwide leader in digital identity solutions, announced it will be moving into a new world headquarters in Roseland, New Jersey this week.

Raytheon hires Air Force CISO Peter Kim (Cyberscoop) The U.S. Air Force’s recently departed Chief Information Security Officer Peter Kim joined the military contracting giant Raytheon as its director of IT security and governance at the company’s subsidiary Raytheon Missile Systems...

Products, Services, and Solutions

Corero secures $0.5m contract with unnamed American client - ShareCast News - London South East (London Southeast) Corero Network Security announced a $0.5m order for its new '100G SmartWall Threat Defense System' technology with an unnamed North American service provider on Monday.

Zilliqa Testnet v2.0 — Codename: D24 – zilliqa (zilliqa) Zilliqa is a new blockchain platform that is using the technology of sharding to scale to thousands of transactions per second as the…

Tripwire's IP360 vulnerability management solution features agent-based scanning (Help Net Security) By combining agent-based and agentless scanning options, Tripwire IP360 provides assessment of vulnerability risks across hybrid environments.

Redscan announces availability on G-Cloud 10 - cyber security for the public sector (Information Age) Redscan, cyber security services providers, has today announced their availability on G-Cloud 10, the government procurment platform.

ThreatMetrix has launched a risk engine API to support 3DS 2.0 environments (Help Net Security) ThreatMetrix has launched a risk engine API to support 3DS 2.0 environments, enhancing risk-based decisions for card-not-present transactions.

The changing faces of cybersecurity (Deloitte Canada) Canada's cyber talent shortage is being driven by the rapid spread of digital technology. But tackling the challenge will require an approach that is people-centric, not technology-centric. Deloitte's new cyber talent framework puts a human face on the problem.

DarkMatter to protect Expo 2020 digital network (Trade Arabia) DarkMatter, a leading UAE-based cyber security firm, has teamed up with Expo 2020 Dubai to deploy advanced cyber security technologies that will help safeguard Expo’s digital experience for millions of visitors and 180 country participants.

New online portal lets you send dash cam evidence directly to police (Auto Express) National Dash Cam Safety Portal launched by dash cam maker Nextbase, with support from 19 police forces

Top 7 Most Popular and Best Cyber Forensics Tools (HackRead) We often watch experts in movies using forensic tools for their investigations but what cyber forensic tools are used by experts? Well, here are top 7 cyber forensic tools preferred by specialists and investigators around the world.

Technologies, Techniques, and Standards

The DOD’s App Store Does This One Crucial Thing to Stay Secure (WIRED) To keep malware at bay, the GEOINT App Store has created a screening process that no commercial platform could ever match.

How suppliers of everyday devices make you vulnerable to cyber attack – and what to do about it (The Conversation) Malicious code or deliberate design faults can be inserted into everyday business products before they even leave the original manufacturer. Here's how you can protect yourself.

Using cyber threat intelligence at the operational, tactical levels (FederalNewsRadio.com) Tom Topping, the senior director of strategic programs for FireEye, said agencies need to understand their risks and use cyber threat intelligence to better mitigate them.

China’s AI ‘entanglement’ with Australia and US (Jane's 360) Beijing’s focus on developing artificial intelligence (AI) technologies to support advances in both military and commercial domains is leading to increasingly strong ‘entanglement’ between Chinese agencies and counterparts in Australia and the United States, a new paper has said.

Security Standing Committee to secure the future of computing (Help Net Security) RISC-V Foundation Security Standing Committee will develop consensus around security practices for IoT devices, embedded systems, and other areas of computing.

Don't be a sitting duck in the next OT cyberattack ((ISC)² Blog) In a recent Operational Technology (OT) cyberattack, Monero Crypto-currency mining malware was discovered in the ICS network of a water utility company located in Europe.

Where To Invest Your Cybersecurity Budget (eSecurity Planet) Tom Parker of Accenture Security discusses how organizations should budget for cybersecurity - and make the most of what they already have.

For victims of smart home abuse, there's no easy out (Engadget) Unplugging could be dangerous.

Security Culture has to be Intentional and Sustainable (Infosecurity Magazine) Your security culture is – and will always be – a subcomponent of your larger organizational culture.

Want to beat facial recognition? Join the Insane Clown Posse (Naked Security) The black and white clown makeup worn by the rap duo and their fans fools facial recognition.

What base security needs to know about Insane Clown Posse camouflage (C4ISRNET) Like dazzle paint on World War I warships, the makeup worn by members and fans of Insane Clown Posse confuses identification systems.

How to See Everything Your Apps Are Allowed to Do (WIRED) It's never a bad time to audit your app permissions. In fact, it's more important than ever.

5 things to know about fitness trackers and security in 2018 (CSO Online) Activity trackers, including dedicated fitness trackers and smartwatches, can expose enterprise networks if not properly managed and connected.

Security Experts Commend IBM’s Ban on Flash Drives (SHRM) Data security experts applauded IBM’s recent decision to prohibit its employees from using removable data storage devices in the workplace but caution that the policy may not be right for everyone.

Research and Development

AI spots legal problems with tech T&Cs in GDPR research project (TechCrunch) Technology is the proverbial double-edged sword. And an experimental European research project is ensuring this axiom cuts very close to the industry’s bone indeed by applying machine learning technology to critically sift big tech’s privacy policies — to see whether AI can automa…

Academia

Mohammed bin Salman Cyber Security College signs deal with IronNet Cybersecurity (Al Arabiya) Prince Mohammed bin Salman College of Cyber Security, Artificial Intelligence and Advanced

US experts to teach Saudi students cyber warfare (Arab News) Saudi Arabian students are to learn about cyber warfare from the people who experienced it first hand, state news agency SPA reported. Former members of the US Department of Defense will be working with the Prince Mohammed bin Salman College of Cyber Security, Artificial Intelligence and Advanced Technologies in teaching various aspects of cyber warfare. The announcement follows the signing of an agreement between the college and IronNet Cybersecurity.

Scottsdale tech firm pledges $1M to help 100 women pursue STEM careers (Phoenix Business Journal) A Scottsdale technology firm is committing $1 million in scholarships to help 100 women pursue careers in information technology during the next decade.

Legislation, Policy and Regulation

Iranian Government Gags Crypto Exchanges To Fight 127% Inflation And New US Sanctions (ZyCrypto) The government in Iran has gagged bitcoin exchanges across the country, claim bitcoin users and alternate coin community of the Islamic state.

European MEPs vote to reopen copyright debate over ‘censorship’ controversy (TechCrunch) A 318-278 majority of MEPs in the European Parliament has just voted to reopen debate around a controversial digital copyright reform proposal — meaning it will now face further debate and scrutiny, rather than be fast-tracked towards becoming law via the standard EU trilogue negotiation proc…

Wikipedia goes dark in Spanish, Italian ahead of key EU vote on copyright (TechCrunch) Wikipedia’s Italian and Spanish language versions have temporarily shut off access to their respective versions of the free online encyclopedia in Europe to protest against controversial components of a copyright reform package ahead of a key vote in the EU parliament tomorrow. Update: Polish…

Ticket to copyright: Paul McCartney joins crowded fight over online rules (POLITICO) The European Parliament will vote on a sweeping overhaul of online copyright rules, and celebrities are getting involved.

US begins lifting ban on ZTE (The Verge) So it can update phones and other equipment

Congress's Efforts to Block Trump on Tariffs, China's ZTE Fizzle (Bloomberg.com) U.S. exporters want Congress to rein in President Donald Trump on tariffs, and national security hawks want Congress to force him to put Chinese telecom gear-maker ZTE Corp. out of business.

NDAA Nears the Finish Line–ZTE, Cloud, Cyber Still in Play (MeriTalk) The National Defense Authorization Act (NDAA) for FY2019 will head into conference next week when legislators return from the Fourth of July recess. The $700+ billion must-pass defense spending bill has been approved in both the House and Senate, and now the two chambers must come together to reconcile differences in the legislation and re-vote the unified bill before it can land on President Trump’s desk for signing.

Huawei founder bets Sino-US trade war won’t happen – but could he be wrong? (South China Morning Post) Ren Zhengfei, who established Huawei in 1987 and serves as its chief executive, expects the US and China to eventually reach a compromise on their trade dispute

SCOTUS and Congress Leave the Right to Privacy Up for Grabs (WIRED) As the push for more digital privacy grows, the question is whether the courts or lawmakers will step up to protect our rights—or if it will fall through the cracks.

Analysis | The Cybersecurity 202: How Trump's Supreme Court pick could influence digital privacy (Washington Post) Kennedy's successor could face a slew of online privacy cases.

Analysis | The Cybersecurity 202: Big tech is going after California's new privacy law (Washington Post) Google, Amazon and Uber are massing their resources.

California's New Privacy Law Gives GDPR-Compliant Orgs Little to Fear (Dark Reading) Others should boost their security controls to get in sync with AB 375... or get ready to be sued hundreds of dollars for each personal record exposed in a breach.

Florida elections supervisors urged to take federal help on security (TBO.com) Florida election supervisors should take advantage of help from the Department of Homeland Security to make systems more secure, Sens. Marco Rubio and Bill Nelson wrote in a letter

Litigation, Investigation, and Enforcement

Trump calls unauthorized NSA collection of data ‘a disgrace’ (POLITICO) “Wow! The NSA has deleted 685 million phone calls and text messages. Privacy violations?” the president tweets.

Trump falsely links NSA counterterrorism program to Mueller probe (Stars and Stripes) The president's assertion that the NSA may have committed privacy violations echoes his previous claims of privacy violations against him, including the false assertion that the Obama administration had "wiretapped" Trump Tower in New York City to spy on his campaign.

Senate report affirms conclusion that Russia favored Trump over Clinton (The Day) A Senate panel investigating Russia's interference in the 2016 presidential election released Tuesday a written summary of

Think Russian elections-meddling is fake news? Lawmakers disagree (Fifth Domain) The Senate intelligence committee announced it agreed with a 2017 assessment which said that Moscow preferred Trump during the 2016 presidential elections.

DOJ Agrees Not To Prosecute Imran Awan For House Cybersecurity And Theft, But Questions Remain (Daily Caller) 'The Government has uncovered no evidence'

NSO Group Employee Allegedly Stole Company’s Powerful Spyware for Personal Profit (Motherboard) NSO sells its potent iPhone malware to governments, including Mexico and the United Arabs Emirates. But according to a newly released indictment, a disgruntled employee stole the company's code and tried to sell it for $50 million worth of cryptocurrency.

WhatsApp child sex claims leave 29 dead in Indian mob hysteria (Times) Rumours spread on social media that gangs of child traffickers and paedophiles are running wild in India have prompted several lynchings across the country, with at least 29 people murdered so far.

Elderly scam victims are too embarrassed to speak up (Naked Security) Financial talk itself is taboo. Admitting to getting fleeced and losing all your savings? That qualifies as super taboo, a new report says.

Kim Dotcom loses latest appeal to avoid extradition to U.S. (CBS News) The latest decision comes more than six years after U.S. authorities shut down Dotcom's file-sharing website Megaupload

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Air Space & Cyber Conference (National Harbor, Maryland, USA, September 17 - 19, 2018) Gain new insights and skills to advance your career. Be among the first to see the latest innovations in airpower, space, and cyber capabilities all the while bonding with your fellow Airmen. Inspiring addresses from recognized leaders in your Air Force will give you drive for taking your career to the next level. You can do all of this and more at AFA’s annual Air, Space & Cyber Conference (ASC).

upcoming Events

Cyber Security Summit 2018 (Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together with technology providers & distinguished information security experts. Learn from acclaimed security professionals on how to protect your business from cyber attacks during interactive Panels & Keynote presentations. Convene with fellow influential business leaders, C-Suite executives, investors & entrepreneurs over 3 days of sailing, sessions, and networking opportunities.

The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Health Cybersecurity Summit 2018 (Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency management agencies. Join executives, security professionals and elected officials for the Silicon Valley Leadership Group's Health Cybersecurity Summit on Friday, July 20, at Citrix Headquarters in Silicon Valley. Engage in a real-time cyber threat and response simulation, hone your digital defense skills, and learn about the unique security concerns faced by the healthcare industry and related infrastructure providers.

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims to provide a creative and productive platform for professionals in the field of cyber security.

SINET61 2018 (Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to Cybersecurity challenges.

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, community college students interested in learning about security or expanding their current knowledge, and students attending the 3CS Pre-Summit Job Fair and National Cyber League (NCL) on Thursday, August 2nd.

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological Education Connections (BATEC), which are all funded by the National Science Foundation (NSF). The outcomes of 3CS leverage community college cybersecurity programs across the nation by introducing the latest technologies, best practices, curricula, products, and more.

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included, among others, the CEO of GM Mary Barra and the U.S. Secretary of Transportation Anthony Foxx, resulting in media coverage from The New York Times and The Wall Street Journal and attracting 500 attendees. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event.

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days of technical Trainings (August 4 – 7) followed by the two-day main conference (August 8 – 9) featuring Briefings, Arsenal, Business Hall, and more.

Audit Your Digital Risk (Washington, DC, USA, August 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in Q2 2017 were focused on manufacturing. It's likely you have a cybersecurity program and team in place, but do you know how to assess your level of risk? Audit Your Digital Risk is designed for cybersecurity and audit professionals, risk managers, and others focused on protecting a company's people, assets, and IP.

DefCon 26 (Las Vegas, Nevada, USA, August 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege. We only accept cash - no checks, no money orders, no travelers checks. We don't want to be a target of any State or Federal fishing expeditions.

CyberTexas 2018 (San Antonio, Texas, USA, August 14 - 15, 2018) The 2018 CyberTexas Conference will bring members of the CyberUSA community together with industry and government members of Texas to create long-term values for the cybersecurity ecosystem in San Antonio and the state of Texas. This conference is brought to you be the CyberTexas Foundation and the Federal Business Council (FBC), in conjunction with CyberUSA, and leaders from federal and local government agencies, industry, and academia. Key features of this conference include building on the four pillars of CyberUSA: Communication, Education, Innovation, and Workforce Development. Each topic will feature prominent speakers and panels from Texas and beyond to strengthen the cybersecurity ecosystem.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.