The CyberWire Daily Briefing 7.16.18

Summary

By The CyberWire Staff

Presidents Trump and Putin are meeting in Helsinki, Finland, today. The meetings are said to be one-on-one (interpreters excepted). This is apparently both presidents' preference.

The summit is expected to be complicated by Friday's announcement of the US indictment of twelve Russian intelligence officers belonging to the GRU on charges related to the hacking of US political targets—mostly the Democratic National Committee and the Clinton campaign—during the 2016 election cycle. The members of Fancy Bear are said to have accomplished their intrusion through spearphishing, and both DCLeaks and Guccifer 2.0 are alleged to be Russian false identities. The indictment also touches on money-laundering: the GRU operators are alleged to have mined Bitcoin to pay for their infrastructure in a deniable and unobtrusive way.

President Trump is expected to bring up the indictment in some fashion; many in Congress want it to be brought up firmly and frankly.

US Senators Gardner (Republican of Colorado) and Wyden (Democrat of Oregon) have asked the Department of Justice to determine whether the Cyber Caliphate was also a Russian false-flag operation.

US Director of National Intelligence Coats said Friday that "warning lights are blinking red" with respect to imminent cyberattacks against the US by Russia, China, Iran, and North Korea.

Le Monde reports Huawei's involvement in a major Chinese espionage campaign against the African Union. The company's devices have apparently been used to collect and exfiltrate data from the Union's Addis Ababa headquarters. The company has long denied it represents a security threat.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, Ethiopia, European Union, France, Germany, India, Iran, Ireland, Democratic Peoples Republic of Korea, Russia, United Kingdom, United States

What do Floppy Disks, Han Solo, and Insider Threats Have in Common?

Visit the ObserveIT booth at Black Hat USA to find out! They’re going back to the 80s to reminisce about throwback technology and show you how to take a 21st-century approach to your insider threat management strategy—so you don’t have to be stuck in the past with your DLP and Flock of Seagulls haircut. And before you head out to Vegas, take ObserveIT’s quiz on which 80’s pop culture icon best represents your insider threat management strategy.

On the Podcast

In today's podcast we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin offers legal perspective on Friday's indictment of twelve Russian intelligence officers in connection with hacking during the US 2016 elections.

Sponsored Events

The Cyber Security Summit: Seattle on July 19 and Chicago on August 29 (Seattle, Washington, United States, July 19, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The NSA, Dell, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350).

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, United States, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Intel official: Cyber threat warnings ‘blinking red’ (Military Times) Warning lights about cyber threats to U.S. national security are “blinking red” and the digital attempts to undermine America are occurring daily, not just at election time, the nation’s top intelligence official said Friday.

Huawei linked to major data breach (Financial Review) Chinese phone company Huawei has been linked to a major data breach in Africa casting doubt on its national security credentials.

A Addis-Abeba, le siège de l’Union africaine espionné par Pékin (Le Monde.fr) Il y a un an, les informaticiens du bâtiment, construit en 2012 par les Chinois, ont découvert que l’intégralité du contenu de ses serveurs était transférée à Shanghaï.

Huawei Faces Scrutiny Over Claims It Infiltrated a Closed Facebook Meeting (SDxCentral) A lawsuit filed by a former Huawei employee against the Chinese telecom firm is adding some fuel to U.S. government fears that the company is spying on its

DHS secretary: Russia continues to view US elections as a target of cyberattacks (CNN) The head of the Department of Homeland Security warned state officials on Saturday that the threat from Russia targeting US elections has not dissipated.

DHS: Russia Not Targeting Election Systems Like 2016 (Roll Call) Although the 2018 “midterms remain a potential target for Russian actors,” the intelligence community has yet to see evidence of a robust campaign.

U.S. cybersecurity "not in a good place" for 2018, 2020 elections, says NYT's David Sanger (CBS News) This week on "The Takeout" podcast, New York Times reporter David Sanger analyzes the Trump administration's approach to cyber security

Spread of 'Fake News' Could Affect Irish Elections, says Gov Report (Infosecurity Magazine) Report has found Irish elections are exposed to interference through cyber-attacks and spread of fake news

Magecart presents an unprecedented threat: Here’s what you can do (Help Net Security) Recently we learned that the previously disclosed Ticketmaster UK breach from a few weeks ago was not a one-off event but instead part of a widespread website digital credit card skimming operation that impacted over 800 ecommerce sites around the world.

Russia Fends Off 25 Million Cyber-Attacks During World Cup (Infosecurity Magazine) Russia prevented nearly 25 million cyber-attacks and other criminal acts during the football World Cup

Compromised JavaScript Package Caught Stealing npm Credentials (BleepingComputer) A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the poisoned package inside their projects.

Flaws Expose Siemens Protection Relays to DoS Attacks (SecurityWeek) Researchers discover vulnerabilities that expose Siemens SIPROTEC protection relays to DoS attacks

Ransomware is so 2017, it's all cryptomining now among the script kiddies (Register) Plus: Hackers take crack at cloud, phones come pre-pwned, malware's going multi-plat

8 Insights on the Future of Ransomware (The State of Security) Nick Santora shares eight thoughts on ransomware and what this digital threat category might look like years in the future.

Two-factor auth totally locks down Office 365? You may want to check all your services... (Register) A network's only as strong as its weakest link or worker

Internet Crime Complaint Center (IC3) | Business E-mail Compromise The 12 Billion Dollar Scam (Federal Bureau of Investigation) Business E-mail Compromise (BEC)/E-mail Account Compromise (EAC) is a sophisticated scam targeting both businesses and individuals performing wire transfer payments.

Webstresser: When Platform Capitalism Goes Rogue (Security Boulevard) Platform criminality is leading to a rise in online services that offer easy access to malware and cybercrime expertise We must move beyond a simplistic firefighting approach to cybercrime if we want to disrupt cybercrime supply chains Earlier this year, an international law enforcement cooperation led to the arrest of the administrators of webstresser.org,

Phishing scams – a deep dive into this year’s cyber attack trends (Security Brief) There’s no doubt email is the number one vector used to initiate attacks on organisations, and of those email attacks, phishing is king.

Cyrillic Characters Are Favorites for IDN Homograph Attacks (BleepingComputer) Cyrillic (Russian alphabet) characters are the most common characters used in IDN homograph attacks, according to research published last month by Farsight Security.

Cryptojacking: cyber-scourge or legitimate business model for the ad-block age? (Computing) Cryptojackers steal CPU time and bandwidth, but then again so do ads, says RiskIQ

Why Malware as a Business is on the Rise (Heimdal Security Blog) How has the malware economy developed so fast? In this article, we learn how malware evolved and transformed into a profitable business, and what can you do to better secure your data.

Security Patches, Mitigations, and Software Updates

Google Chrome's new Meltdown and Spectre safeguard is a memory hog (MobileSyrup) Google Chrome has introduced new safeguards against Meltdown and Spectre, but they come at a cost.

Microsoft Replacing 'Premiere Assurance' Support with New Security Plan (Redmond Channel Partner) Organizations using SQL Server 2008/R2 and Windows Server 2008/R2 products can add three years of patch support via Microsoft's new Extended Security Updates plans, the company announced Thursday.

Cyber Trends

Mobile cybersecurity is a hellish nightmare that’s getting worse by the day (VentureBeat) Despite screaming headlines about the growing vulnerabilities of mobile devices and promises to take the matter seriously, both individuals and corporations alike are still essentially walking arou…

Only 20% of companies have fully completed their GDPR implementations (Help Net Security) Key findings from a survey conducted by Dimensional Research highlight that only 20% of companies surveyed believe they are GDPR compliant, while 53% are

86% of enterprises have adopted a multi-cloud strategy (Help Net Security) Most enterprises are adopting a multi-cloud strategy, since no single cloud platform meets all enterprise workload requirements.

The Types of Hackers & Why They Hack (BleepingComputer) In current times, the term may describe a person who attempts to gain unauthorized access to computers, with less than honorable intentions, or the person who counters the bad intentioned one. But, there is a pretty broad spectrum of hackers and a variety of motivations for hacking.

Experts lay stress on importance of trained workforce for cyber security (The Times of India) An increased cyber security threat has sparked a need for cyber intelligence analysts and workers.

Marketplace

Why wasn’t the Pentagon’s tech guru surprised by Google Maven pushback? (C4ISRNET) Project Maven was part of a broader attempt to develop artificial intelligence for the Pentagon.

Goldman Sachs says cybersecurity stocks could get a boost from fears of meddling in the midterm elections (CNBC) Pointing to an expected uptick in security spending in the run-up to November, analyst Arjun Menon told clients that the select group of stocks are likely to see upside in the months to come.

One Secure Way for Investors to Play the U.S. Midterm Elections (Barron's) The upcoming 2018 U.S. midterm elections promise several leading months of uncertainty and volatility, followed by concerns over policy risk and a potential impeachment saga if the House of Representatives changes majorities.

ZTE can import technology from the U.S. again… for now (Brinkwire) ZTE’s strenuous journey to get back to work seems to have finally paid off, at least for the time being.

A-LIGN Raises $54.5 Million Growth Equity Investment from FTV Capital (BusinessWire) A-LIGN, a cybersecurity and compliance solutions provider that specializes in helping businesses navigate the complexities of regulatory and business-

Six Companies Join the Auto-ISAC (Markets Insider) The Automotive Information Sharing and Analysis Center (Auto-ISAC) welcomes as new members Mitsubishi E...

Billion-Dollar Unicorns: Is Palantir Losing Valuation? (Seeking Alpha) Palantir was expected to go public last year, but declining valuations appear to have deferred that plan. Analysts still hope that Palantir will be able to make

Cyber security threats stir competition among UK tech groups (Financial Times) ECSC, Blancco and NCC Group struggle as risks for businesses escalate

CACI Wins Place on $50B GSA Alliant 2 Contract (WashingtonExec) CACI International Inc. has been awarded a place on the General Services Administration's Alliant 2 contract, a multple-award indefinite

King & Union Appoints Chris Camacho as Board Advisor (PRNewswire) Flashpoint Chief Strategy Officer helps shape cybersecurity startup's future growth strategy, offers support as the firm rolls out new information sharing platform

Products, Services, and Solutions

Review | Your password has probably been stolen. Here’s what to do about it. (Washington Post) Getting a password manager is the most important way to improve your online security. Our tech columnist picks the best.

Janrain Collaborates With Akamai to Bring Security to Janrain's Identity Cloud (Martech Advisor) Janrain Secure Edge Brings Industry-leading Security from Akamai to the Janrain Identity Cloud

Comodo Cybersecurity and Cloud Distributor intY Strike Global Distribution Deal (Markets Insider) Comodo Cybersecurity, the global leader in innovative cyber technology software solutions, today announced it h...

Plurilock Launches New Global Channel Partner Program for its Invisible Identity Assurance Cybersecurity Solution (PRNewswire) As Demand for Its Behavioral Biometrics & AI Technology Grows, Plurilock Closes Seed Round, Adds 9 Channel Partners

Hackproof CryptoSecure to Set New Security Standard for Cryptocurrencies (GlobeNewswire News Room) Impenetrable security is essential for cryptocurrency potential to be realized

ManageEngine Rolls Out Two-Factor Authentication (TFA) in ADSelfService Plus; Adds an Extra Layer of Security (ReadITQuik) ADSelfService Plus will now be able to enable organizations to introduce an additional layer of protection for crucial resources that are accessed by users via Windows-based machines

Now HackerOne is handling Tron [TRAX] foundation's Bug Bounty program (BCFocus) Tron Foundation launched a Bug Bounty Program with the highest reward of USD$10 million in the month of May.

Technologies, Techniques, and Standards

SECURITY: DHS official pushes to 'move beyond' cyber info sharing (E&E News) A top cybersecurity official announced plans to shift the Department of Homeland Security's focus from sharing information on cyberthreats to offering tools for concrete action.

IRONSCALES Survey Reveals Phishing Awareness Training Not Equating to (PRWeb) IRONSCALES, the world’s first automated phishing prevention, detection and response platform, today announced the results of a recent survey of security pro

Failed GDPR Consent Efforts (Information Security Buzz) The Facebook fine announced today for the Cambridge Analytica breach would have been significantly larger under GDPR. While the flurry of activity around the May 25 GDPR deadline may have subsided, the confusion regarding privacy, consent and what comprises actual GDPR compliance is only building. Pravin Kothari, Founder and CEO of cloud security provider CipherCloud, …

Cyber defense team trains with civilian agency at Cyber Shield 18 (DVIDS) Oklahoma National Guard Soldiers are no stranger to working side-by-side with fellow government agencies at home and on the battlefield. However, during a two-week training event at Camp Atterbury, Indiana, Soldiers from the OKARNG trained with a civilian agency to better prepare for a threat on the cyber battlefield.

Securing real-time payments with tokenization (Rambus Blog) For banks, direct debit (ACH) fraud represents a bigger financial risk than card fraud. In particular, growing momentum for real-time payment schemes across the world is creating huge opportunities for fraudsters and placing increasing pressure on banks and clearing houses, who now have only seconds instead of days to identify fraudulent transactions.

Matching disaster recovery to cyber threats (ComputerWeekly.com) While it is important to take steps to prevent cyber attacks, they can still happen. That is why disaster recovery practices are equally as critical

Academia

Coast Guard Academy to offer new major in cyber systems (Longview News-Journal) The U.S. Coast Guard Academy is now offering an academic program in cyber systems, its first new major in a quarter century.

Pilot program substantiates efforts to introduce students in rural Alabama to cybersecurity (The University of Alabama in Huntsville) Though initially established to introduce high school students in rural Alabama to the field of cybersecurity, the Expanding Cybersecurity Innovative Incubator to Extended Demographics (ExCIITED) program has managed to do much more over the course of its first year. Indeed, not only did 16 members of its initial cohort successfully complete the program’s requirements, but three of its four seniors will also be attending UAH this fall.

Kaspersky to help train Swinburne students in cyber security (ITWire) Security firm Kaspersky Lab and Swinburne University of Technology have signed a memorandum of understanding to support cyber security education and h...

Three Russian Universities Add Crypto Courses and Diplomas (Bitcoin News) More academic institutions in Russia are starting educational courses and even postgraduate programs in crypto and blockchain technologies. Three universities will be teaching related subjects like cryptography and digital economy during the new academic year beginning in September.

Legislation, Policy and Regulation

The Cybersecurity 202: Trump's meeting with Putin a pivotal moment for effort to deter Russian cyberattacks (Washington Post) President Trump's meeting today with Russian President Vladimir Putin is a pivotal moment for his administration's efforts to deter future election interference efforts by Moscow and other sophisticated actors.

Trump-Putin summit hits last-minute turbulence (Asia Times) A craftily timed intervention to torpedo - or reset the agenda - of Monday's Helsinki summit will infuriate and disappoint Moscow

Cyber Saturday: Red Flags Flap Before Trump-Putin Meeting (Fortune) On Friday, the special counsel investigating Russian interference in the 2016 presidential election issued an indictment of 12 Russian military intelligence officers accused of conspiring to obstruct American democracy.

Perspective | I’ve been in meetings with Putin. Here’s what Trump can expect. (Washington Post) He's confident. He'll never admit wrongdoing. And he'll probably be late.

Dems to Trump: Cancel Putin meeting over hacking indictments (Fifth Domain) Democrats in Congress are pressuring President Trump to cancel his meeting with Vladimir Putin in the wake of indictments against a dozen Russians who meddled in U.S. elections.

Trump-Putin summit mystery: What about Snowden? (POLITICO) Trump has called for the fugitive NSA leaker’s execution and once guaranteed that Russian President Vladimir Putin would hand him over. But there’s no sign that Trump is pressing the issue.

G.R.U., Russian Spy Agency Cited by Mueller, Casts a Long Shadow (New York Times) From the downing of a civilian airliner over Ukraine to operations in Syria to the 2016 United States election, the G.R.U. has been an arm of the Russian state.

France’s cyber command marched in Paris’s Bastille Day Parade for the first time (The Verge) A small demonstration that cybersecurity is a national priority

Australia to ban Huawei from 5G roll-out amid security concerns (CNET) Intelligence agencies warned the government about the company's links to China.

Senators push to block Trump's ZTE deal in final defense bill (TheHill) A bipartisan group of senators is urging negotiators on Capitol Hill to retain a provision in the annual defense policy bill that would block President Trump’s deal to save Chinese telecommunications giant ZTE.

The AI Column: How To Think About China, Silicon Valley And CFIUS (Task & Purpose) CFIUS has come under increasing scrutiny as China has invested heavily in the U.S. technology sector in a way Silicon Valley fears

Microsoft Calls For Federal Regulation of Facial Recognition (WIRED) “Facial recognition will require the public and private sectors alike to step up—and to act,” says Brad Smith, the company’s president.

Official: Outdated classification system near the breaking point (FCW) In a new report, the chief of the Information Security Oversight Office warns that the system by which critical security information is created, classified and shared is overburdened by a reliance on paper, legacy policies and incompatible tech.

Litigation, Investigation, and Enforcement

12 Russian Intelligence Officers Indicted for Hacking U.S. Democrats (SecurityWeek) Twelve Russian intelligence officers have been indicted by a grand jury for hacking Democratic Party emails ahead of the 2016 US presidential election, Deputy Attorney General Rod Rosenstein announced July 13.

Mueller indictment: Read the full charges against Russia’s GRU intelligence agency (Fast Company) The indictment was announced today by Deputy Attorney General Rod Rosenstein.

DOJ Russia DNC Hack Indictment (NPR) The Grand Jury for the District of Columbia charges...

Tracing Guccifer 2.0’s Many Tentacles in the 2016 Election (Mew York Times) The indictment of 12 Russian operatives provides never-before-seen detail about the central role of the online avatar Guccifer 2.0 in the dissemination of stolen Democratic documents.

Russian Hackers Kept DNC Backdoor Longer Than Anyone Knew (The Daily Beast) The Democrats swore in the summer of 2016 that they had banished all outside intrusions from their networks. They were wrong.

America’s indictment of Russian hackers underlines the cyber risks facing US politics (MIT Technology Review) Special Counsel Robert Mueller’s charges against 12 members of Russia’s GRU military intelligence agency accused of hacking related to the 2016 US presidential election are a stark reminder of the ways in which technology can be used to disrupt democratic processes.

After indictment, Russian hackers’ lives “changed forever,” ex-ambassador says (Ars Technica) Dozen named Russians now can't travel as freely, and Moscow is now on notice.

Indicting 12 Russian Hackers Could Be Mueller's Biggest Move Yet (WIRED) The special counsel has unleashed an international, geopolitical bombshell.

The Russia Investigation Is A Puzzle Designed Never To Be Solved (The Federalist) Rod Rosenstein and others embarrassed by DOJ’s actions may derive safety from the never-ending nature of the investigation.

For Mueller, pushing to finish parts of Russia probe, question of American involvement remains (Washington Post) There are signs that the special counsel is moving to finish a significant portion of his investigative work by the end of the summer.

What Robert Mueller Knows—and 9 Areas He'll Pursue Next (WIRED) The special counsel has collected a mountain of evidence in the Trump-Russia investigation, but so far only a tiny amount of it has been revealed in official indictments. Here are nine areas where we should expect answers as the inquiry unfolds.

The Russians Who Allegedly Hacked the DNC Mined Bitcoin to Fund Their Operation (Motherboard) The Russian hacking team singled out in the Mueller probe’s latest indictment allegedly mined Bitcoins and banked on cryptocurrency’s pseudonymity to keep their identities hidden.

Basic Digital Security Could Have Prevented One of the Biggest Political Scandals in American History (Motherboard) Russia hacked the Clinton campaign in large part because John Podesta didn't bother to turn on two-factor authentication.

The public tools Russia allegedly used to hack America’s election (Fifth Domain) Using spear-fishing, Russian intelligence officials launched a devastating hack against Hillary Clinton's 2016 presidential campaign.

President Trump blames Barack Obama for Russian cyber attack on Democratic email servers - NY Daily News (New York Daily News) President Trump took aim at his predecessor Barack Obama for failing to do more in preventing Russia’s cyber attack on Democratic email servers while fanning the flames of a deep web conspiracy theory.

‘I hadn’t thought’ of asking Putin to extradite indicted Russian agents, Trump says (Washington Post) The president also tried to set expectations for his one-on-one meeting with Russia’s Putin in a new CBS interview.

Rand Paul on Russian election meddling: 'We all do it' (POLITICO) The Kentucky senator said Moscow would not admit that it interfered in the 2016 election.

Russia probe indictments spotlight risk of bitcoin, digital currency (McClatchy DC) The use of so-called cryptocurrencies in global finance are likely to come under increased scrutiny after the Justice Department announced indictments Friday against 12 Russian military intelligence officers.

[Letter requesting DoJ investigate the Cyber Caliphate as a Russian intelligence service false flag operation] (US Senate) We write to express our concerns about reports that Russian intelligence services posing as Islamic extremists threatened and harassed U.S. military families. We urge you to investigate this potential false flag operation and to hold any perpetrators accountable.

‘Novichok bottle’ found in search at victim Charlie Rowley’s home (Times) Counterterrorism police have found a small bottle believed to contain a nerve agent that killed a woman and was used in the attack on a former Russian spy and his daughter. Assistant Commissioner...

Huawei Faces Scrutiny Over Claims It Infiltrated a Closed Faceboo (SDxCentral) A lawsuit filed by a former Huawei employee against the Chinese telecom firm is adding some fuel to U.S. government fears that the company is spying on its

Top Liberal not convinced by WA government's Huawei security assurance (WAtoday) Acting Opposition Leader Liza Harvey has raised questions over the advice received from security agencies over the awarding of a $136 million telecommunications contract to a Chinese telco.

Three Arrests Made in Largest Hack in Lebanon's History (BleepingComputer) Beirut officials have arrested three suspects believed to be behind what local authorities are calling the biggest hack in Lebanon's history.

Kaspersky Lab, Russian cyber firm, denied injunction in appeals case against Trump administration (The Washington Times) Russian cybersecurity firm Kaspersky Lab suffered another setback Friday in its efforts to oppose new rules prohibiting the U.S. government from using its antivirus software and services.

Smart TVs are invading privacy and should be investigated, senators say (Ars Technica) Democrats want FTC probe of privacy policies and practices of smart TV makers.

Facebook ordered to let grieving mother in to dead daughter’s account (Naked Security) The girl’s parents want access to her account to see if her death was the result of cyberbullying.

National Lottery website hackers jailed (BBC News) Idris Akinwunmi transferred £13 into his account after the attack on National-Lottery.co.uk

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Symposium on Securing the IoT (Boston, Massachussetts, USA, October 29 - 31, 2018) Join us for the Symposium on Securing The Internet of Things, featuring keynote speakers from the leading industry companies who are solving the issues of IoT and secure connectivity. There will also be engaging round table debates with industry experts, colleagues and peers. The Symposium began with the inaugural conference in San Francisco March 2018. The conference focused on IoT Security, Secure Payments, Medical Device Security, Smart Cities, Block chain and other topics centered around IoT Security. As the world continues to become more connected, 20+ Billion IoT devices, protecting our devices and systems are critical. Linked devices (vehicles, computers, phones, industrial systems, personal assistants, homes, etc.), user identity and authentication all need a high level of security. As hacking, phishing, DDOS and ransomware continue to increase, one thing is certain: Securing The Internet of Things is critical to our survival!

upcoming Events

Cyber Security Summit 2018 (Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together with technology providers & distinguished information security experts. Learn from acclaimed security professionals on how to protect your business from cyber attacks during interactive Panels & Keynote presentations. Convene with fellow influential business leaders, C-Suite executives, investors & entrepreneurs over 3 days of sailing, sessions, and networking opportunities.

The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Health Cybersecurity Summit 2018 (Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency management agencies. Join executives, security professionals and elected officials for the Silicon Valley Leadership Group's Health Cybersecurity Summit on Friday, July 20, at Citrix Headquarters in Silicon Valley. Engage in a real-time cyber threat and response simulation, hone your digital defense skills, and learn about the unique security concerns faced by the healthcare industry and related infrastructure providers.

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims to provide a creative and productive platform for professionals in the field of cyber security.

SINET61 2018 (Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to Cybersecurity challenges.

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, community college students interested in learning about security or expanding their current knowledge, and students attending the 3CS Pre-Summit Job Fair and National Cyber League (NCL) on Thursday, August 2nd.

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological Education Connections (BATEC), which are all funded by the National Science Foundation (NSF). The outcomes of 3CS leverage community college cybersecurity programs across the nation by introducing the latest technologies, best practices, curricula, products, and more.

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included, among others, the CEO of GM Mary Barra and the U.S. Secretary of Transportation Anthony Foxx, resulting in media coverage from The New York Times and The Wall Street Journal and attracting 500 attendees. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event.

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days of technical Trainings (August 4 – 7) followed by the two-day main conference (August 8 – 9) featuring Briefings, Arsenal, Business Hall, and more.

Audit Your Digital Risk (Washington, DC, USA, August 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in Q2 2017 were focused on manufacturing. It's likely you have a cybersecurity program and team in place, but do you know how to assess your level of risk? Audit Your Digital Risk is designed for cybersecurity and audit professionals, risk managers, and others focused on protecting a company's people, assets, and IP.

DefCon 26 (Las Vegas, Nevada, USA, August 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege. We only accept cash - no checks, no money orders, no travelers checks. We don't want to be a target of any State or Federal fishing expeditions.

CyberTexas 2018 (San Antonio, Texas, USA, August 14 - 15, 2018) The 2018 CyberTexas Conference will bring members of the CyberUSA community together with industry and government members of Texas to create long-term values for the cybersecurity ecosystem in San Antonio and the state of Texas. This conference is brought to you be the CyberTexas Foundation and the Federal Business Council (FBC), in conjunction with CyberUSA, and leaders from federal and local government agencies, industry, and academia. Key features of this conference include building on the four pillars of CyberUSA: Communication, Education, Innovation, and Workforce Development. Each topic will feature prominent speakers and panels from Texas and beyond to strengthen the cybersecurity ecosystem.

SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premiere Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection of Air Force IT experts, prominent IT academics, and some of America’s top cyber security companies, the AFITC offers a full of slate events and activities, with 3 days of speakers, expanded education/training opportunities, and an exhibitor-driven trade show that all revolves around the ways we can better defend America from cyber-attacks, advanced persistent threats, and proactively lead in this in this increasingly digital world.

The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.