The CyberWire Daily Briefing 7.17.18

Summary

By The CyberWire Staff

The Trump-Putin summit is over, with predictable noises about reduction in tensions, scope for cooperation, healthy competition, and so on. But observers are baffled by President Trump's choice of the Helsinki meetings to air his now familiar skepticism of the FBI and other elements of the US Intelligence Community. He did ask President Putin about Russian information operations during the 2016 US elections, received the foreseeable denial, and left it at that, leaving the impression that he sided with Mr. Putin over his own Justice Department. (Impression reinforced by tweets.)

Mr. Trump's remarks at the summit are said to have run contrary to the hardline course on Russian hacking and hybrid warfare his advisors are believed to have recommended to him. In any case, US Director of National Intelligence Coats essentially says the Intelligence Community stands by its finding that Russian services have engaged in extensive influence operations. President Trump's performance has generally not received good reviews, with reaction across the political spectrum ranging from disappointment to outrage.

Trend Micro reports an uptick in reconnaissance by the Andariel Group, a subunit of Pyongyang's Lazarus Group. Adariel's program includes mostly South Korean targets.

Trend Micro is also tracking the reappearance of the Blackgear cyberespionage actor. Blackgear seems most interested in Japan, South Korea, and Taiwan. It's notable for its deployment of the Protux backdoor and its use of social media as command-and-control channels.

Telefonica reports a data breach exposing personal information of millions of Spanish customers. European authorities have been notified.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, France, Japan, Democratic Peoples Republic of Korea, Republic of Korea, New Zealand, Russia, Spain, Taiwan, United Kingdom, and United States.

What do Floppy Disks, Han Solo, and Insider Threats Have in Common?

Visit the ObserveIT booth at Black Hat USA to find out! They’re going back to the 80s to reminisce about throwback technology and show you how to take a 21st-century approach to your insider threat management strategy—so you don’t have to be stuck in the past with your DLP and Flock of Seagulls haircut. And before you head out to Vegas, take ObserveIT’s quiz on which 80’s pop culture icon best represents your insider threat management strategy.

On the Podcast

In today's podcast we hear from our partners at Webroot as David Dufour discusses ransomware in the UK. Our guest is James Tabor from MEDIA Protocol on using blockchain technology with online advertising.

And Recorded Future's Inside Threat Intelligence podcast, produced in cooperation with the CyberWire, is up. The topic is Enabling Deeper Board-Level Understanding, as this episode focuses on working with board-level executives to enable a deeper understanding of cybersecurity and how it relates to business risk. The guest is Bryan Littlefair, CEO at Cambridge Cyber Advisers.

Sponsored Events

The Cyber Security Summit: Seattle on July 19 and Chicago on August 29 (Seattle, Washington, United States, July 19, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The NSA, Dell, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350).

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, United States, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

New Andariel Reconnaissance Tactics Hint At Next Targets (TrendLabs Security Intelligence Blog) Reconnaissance plays a vital role in criminal operations, and some groups go to great lengths to investigate their targets' systems. A recent example is the Andariel Group, a known branch of the notorious Lazarus Group. Last month, we tracked new scouting techniques coming from Andariel, used mainly against South Korean targets.

Blackgear Cyberespionage Campaign Resurfaces, Abuses Social Media for C&C Communication (TrendLabs Security Intelligence Blog) Blackgear (also known as Topgear and Comnie) is a cyberespionage campaign dating back to 2008, at least based on the Protux backdoor used by its operators.

Telefonica Spain Exposed the Personal Details of Millions of Customers (BleepingComputer) Telefonica, one of the world's largest telecommunications provider, has suffered a data breach this week, exposing the personal and financial information for millions of Spanish users of the company's Movistar landline, broadband, and pay television service.

Telefonica Calls Authorities after Massive Breach (Infosecurity Magazine) Millions of records were exposed in a telecom vendor breach.

Thousands of Mega logins dumped online, exposing user files (ZDNet) Exclusive: Email addresses, passwords, and lists of file names were exposed.

Passwords for Tens of Thousands of Dahua Devices Cached in IoT Search Engine (BleepingComputer) Login passwords for tens of thousands of Dahua devices have been cached inside search results returned by ZoomEye, a search engine for discovering Internet-connected devices (also called an IoT search engine).

Analysis | The Cybersecurity 202: Russia hacking tactics exposed in Mueller indictment still a threat, election officials say (Washington Post) It's hard to defend against these simple attacks.

Russia Indictments Reminder of Phishing Threats (Infosecurity Magazine) Russian indictments increase concerns over threats of phishing campaigns in midterm elections.

Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States (Motherboard) Remote-access software and modems on election equipment 'is the worst decision for security short of leaving ballot boxes on a Moscow street corner.'

Russian National Vulnerability Database Operation Raises Suspicions (Dark Reading) Recorded Future says Russia's Federal Service for Technical and Export Control has ability to find, weaponize vulnerabilities under cover of doing technology inspections.

Russia Publishes Only 10% of CVEs (Infosecurity Magazine) Report finds Russia's vulnerability database, while highly focused, is incomplete and slow

Pavlov’s Digital House: Russia Focuses Inward for Vulnerability Analysis (Recorded Future) Insikt Group examines the publication speeds and utility of Russia’s vulnerability database with results suggesting sustained control of the Russian state.

Is Putin’s soccer ball gift to Trump bugged? (Fifth Domain) During their summit in Finland, Vladimir Putin gave Donald Trump a commemorative World Cup soccer ball. But was it an innocence gesture?

A Privacy Researcher Uncovered a Year of Breakups and Drug Deals On Venmo (Motherboard) Unless you change the settings yourself, the stuff you do on Venmo is publicly visible. “Public by Default” explores the easily accessible details of Venmo users’ lives.

No Evidence of GandCrab Leveraging SMB Exploit - Yet (Threatpost) Researchers found a new version of GandCrab - but no evidence that the ransomware is using the same SMB exploit as Wannacry.

The SIM Hijackers (Motherboard) Meet the hackers who flip seized Instagram handles and cryptocurrency in a shady, buzzing underground market for stolen accounts and usernames. Their victim’s weakness? Phone numbers.

How to Protect Yourself From SIM Swapping Hacks (Motherboard) Here’s a guide on how to prevent and protect yourself against the threat of hackers taking over your phone number and going after your online accounts.

DanaBot Trojan Targets Bank Customers In Phishing Scam (Threatpost) A new phishing scam purports to be MYOB invoices - but really contains a novel banking trojan.

Researchers Mount Successful GPS Spoofing Attack Against Road Navigation Systems (BleepingComputer) Academics say they've mounted a successful GPS spoofing attack against road navigational systems that can trick humans into driving to incorrect locations.

Cyber criminal interest in electrical utilities on the rise (Canadian Underwriter) Electrical and utility firms in North America continue to be a target for cyber criminals, the head of a cyber loss modelling provider suggests. Over the past few months, there has been an “uptick in threat actor activity around energy…

Security Patches, Mitigations, and Software Updates

USB Restricted Mode in iOS 11.4.1 now available to all iPhone users (Naked Security) The latest version of iOS includes bug fixes and at least one new feature that might be of interest to security-minded users.

Reprise Software Refuses to Patch RLM Issue (Infosecurity Magazine) Reprise Software has refused to patch a vulnerability in its Reprise License Manager

Cyber Trends

Threats, Politics, and Cryptocurrency Mining (AlienVault) With Infosecurity 2018 happening shortly after GDPR came into force, and thus ended months of preparation, we were interested as to whether security professionals have found GDPR to be a friend or foe over the last couple of years.

World powers equip, train other countries for surveillance (Help Net Security) Privacy International has released a report detailing how powerful governments finance, train and equip countries with surveillance capabilities.

Newsmaker Interview: Bruce Schneier on 'Going Dark' and the Crypto Arms Race (Threatpost) Noted cryptographer waxes on the threats posed by physical cyber systems, 'going dark' and a crypto arms race.

SCADA/ICS Dangers & Cybersecurity Strategies (Dark Reading) Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.

Most executives trust cloud-based systems to keep account payables secure (Help Net Security) Large majorities of surveyed executives trust cloud-based systems more than locally hosted ERP/AP systems to keep account payables secure.

Many infosec professionals reuse passwords across multiple accounts (Help Net Security) A Lastline survey from June 2018 revealed that 45 percent of infosec professionals reuse passwords across multiple accounts.

Marketplace

Government’s Kaspersky Ban Takes Effect (Nextgov.com) Pentagon, GSA and NASA contracts will now officially prohibit Kaspersky software.

Tenable prices initial public offering (Washington Business Journal) The Columbia company plans to sell 9.2 million shares of stock at an anticipated price of between $17 and $19 per share.

First Look At Tenable's IPO (Seeking Alpha) Tenable, a Maryland-based cybersecurity software vendor, has filed for its IPO. The company helps its clients to manage enterprise data with the goal of identifying and responding to cyber risks.</p><p>Tenable has 24k paying customers, most of which are billed annually on a subscription basis. This includes 53% of the Fortune 500. Revenues hit $187.7 million last year at a rapid 51% y/y growth rate. Billings too showed tremendous advances and supports a stable growth trajectory for the company.

1776 to launch startup accelerator program — with a twist (Washington Business Journal) A new accelerator from 1776 won't take equity in its startups.

Seven cloud vendors lining up for government security clearance (ZDNet) After Microsoft's contentious addition to the Certified Cloud Services List, the Australian Signals Directorate has revealed it is working with another seven companies interested in providing cloud services to government.

Former General Motors Cybersecurity Group Manager Joins NanoLock Security As VP of Customers (Business Wire) NanoLock Security today announced the appointment of Yoni Kahana as the company’s VP of Customers to lead NanoLock’s business development initiatives

McAfee Cybersecurity Expert Joins Plixer as CTO (GlobeNewswire News Room) Plixer, a leader in network traffic analytics and incident response, is announcing that Paul Piccard, a cybersecurity expert from McAfee, has joined Plixer as its new Chief Technology Officer and SVP of Engineering.

Products, Services, and Solutions

Nehemiah Security’s EQ Validates Offensive Intelligence to Drive Defensive Advances (Business Wire) Upgraded EQ Software Leverages Automated Cyberwarfare Tools to Establish Scalable and Repeatable Testing, Train Personnel, and Strengthen Defensive Posture

Digital Defense, Inc. Announces Integration with ForeScout Technologies (Digital Defense) Provides Organizations with Accurate and Complete Visualization of Network Risks

Alert Logic Transforms Container Security with Industry’s First Network Intrusion Detection for Containers (BusinessWire) Alert Logic delivers unprecedented network visibility to thwart attacks on containers deployed on AWS including Docker, Elastic Container Service, Kubernetes and Elastic Beanstalk

Infoblox Enables Rapid Automation of Core Network Services for Data Centers (PRNewswire) New Version of Infoblox NIOS™ Platform Integrates Cloud Readiness to Protect Devices Everywhere from Data Exfiltration

BlockSafe Technologies, First to Market with Cybersecurity Solution for Crypto Wallets (Business Wire) BlockSafe Technologies, Inc., (BlockSafe) the company that secures the blockchain ecosystem, today announced the availability of CryptoDefender™ for d

CrowdStrike Enhances Security Hygiene for Workloads on AWS (CrowdStrike) Falcon Discover empowers security teams through enhanced visibility, control, and improved security posture

Versasec Identiv Partnership (Versasec) Versasec Partners with Global Technology Company Identiv to Provide Strengthened Security and Identity Management

Darktrace Cloud protects cloud computing models and SaaS applications (Help Net Security) Darktrace Cloud can protect cloud computing models, applications, and devices with its cyber AI technology.

McAfee ePolicy Orchestrator now available on AWS (Help Net Security) McAfee ePO provides organizations time to focus on security concerns by eliminating the hardware, networking and database maintenance tasks.

ClearDATA launches healthcare compliant cloud offering on Microsoft Azure (Help Net Security) ClearDATA enables the move to the cloud with performance, agility and efficiency while adhering to the complex regulations in healthcare, including HIPAA, GxP and GDPR.

Optiv Security launches Privileged Access Managed Service (Help Net Security) Optiv’s Privileged Access Managed service protects data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline.

Monero has successful audit of their “bulletproofs”, only minor issues present (Chepicap) Monero or XMR is an open source securities token that focuses heavily on privacy and decentralization has recently had a successful audit by Kudelski Security of its new protocol.

Bitdefender New Security Line Will Stop Most-Sophisticated Attacks (Markets Insider) Bitdefender, a leading global cybersecurity technology company protecting over 500 million users worldwide,...

From National Security to Cybersecurity (Infosecurity Magazine) Crucial Academy addresses skills gap, offering free training to ex-military.

GitHub adds Python support for security alerts (Help Net Security) GitHub's Security Alerts now also work for Python projects, notifying developers about vulnerabilities in software packages that their projects depend on.

Technologies, Techniques, and Standards

How Can an ISAC Improve Cybersecurity and Resilience? (Security Intelligence) Sharing computer security information is now an established practice in IT. But pooling resources in an ISAC can provide greater insight, broader collaboration and improved overall cyber resiliency.

Here's Why the Federal Government Ought to Embrace the Blockchain (Nextgov.com) First, it's essentially impervious to tampering.

Census Should Be More Transparent About Cyber Protections, Former Officials Say (Nextgov.com) The Census Bureau will conduct its first largely online decennial census in 2020 but hasn’t said how it will secure the process.

Ex-cyber officials demand to know security measures for 2020 Census (TheHill) Former government cyber and technology officials are calling on the Census Bureau to publicly share its cybersecurity preparations for the 2020 Census after Special Counsel Robert Mueller indicted 12 Russians for the 2016 hack into the Democratic National Committee.

What does DoD need as it transitions to multidomain operations? (C4ISRNET) In future operating environments, the services are going to need interoperable systems that can readily share and fuse data, but how they will get there remains a bit of a mystery.

The Pentagon is gearing up to red team industry cybersecurity (Fifth Domain) The Pentagon is ready to test how the defense industry is doing on cybersecurity - and industry wants it.

Using Tape to Optimize Data Protection Costs and Mitigate the Risk of Ransomware for Data-Centric Organizations (IDC) IDC forecasts that 60% of organizations will have developed a digital transformation strategy and will be in the process of implementing it by 2020.

7 Security Trends Shaping Intrusion Detection Technology (Bricata) The threat landscape has evolved and is shaping the need for innovation in intrusion detection. These include the need for multiple methods of detection rather than just relying on one, like signature analysis. #ids #ips #networksecurity

How to Teach Your Employees About Cybersecurity (HackRead) With much of the workforce now being made up of millennials, this is a key part of ensuring cybersecurity training is a success.

Protecting a Mobile Workforce with Hybrid DNS Security (Infosecurity Magazine) The root of many of data breaches, and the damage and stress that accompanies them, lies the DNS.

Searching for Geographically Improbable Login Attempts (SANS Internet Storm Center) For the human brain, an IP address is not the best IOC because, like phone numbers, we are bad to remember them. That’s why DNS was created.

Design and Innovation

Zero login: Fixing the flaws in authentication (Help Net Security) Zero login essentially refers to the idea that we will never again have to recall complex passwords or provide documentation to identify ourselves.

A new data-driven idea of warfare doesn’t quite add up (New Scientist) Mathematical models of conflict are seductive, but we shouldn’t throw out the lessons of the past, warns David Betz

Weaponized AI -- Your Machine Is "Learning" But Who's The Teacher? (Forbes) Hackers are perverting machine language to infect critical datasets. This Professor explains how you can stop them.

D-Wave’s quantum computer successfully models a quantum system (Ars Technica) System lets researchers explore phase transitions in a quantum system.

Research and Development

Is the ‘Google Translate’ of sensor systems coming? (C4ISRNET) Lockheed recently concluded a series of flight tests with DARPA on an experimental program for stitching together systems.

Academia

60 Talented Hackers to Participate in Intensive Weeklong Bootcamp & Competition in Delaware (US Cyber Challenge) U.S. Cyber Challenge (USCC), the State of Delaware, and a conglomeration of Delaware universities (including the University of Delaware, Delaware Technical Community College, Wilmington

Legislation, Policy and Regulation

Putin laughs off election interference question (Washington Examiner) Russian President Vladimir Putin laughed Monday as Fox News reporter Chris Wallace asked him about meddling in the 2016 U.S. election, denying responsibility while defending the hacks he's accused of orchestrating.

Trump casts doubt on intelligence assessment of Russian election interference (Fifth Domain) During a summit with Vladimir Putin, Donald Trump said that he didn't

Trump sides with Russia against FBI (BBC News) The US president contradicts intelligence agencies over claims of interference in the US election.

Trump hands Putin a diplomatic triumph by casting doubt on U.S. intelligence agencies (Washington Post) At a Helsinki summit, the U.S. president refused to denounce Russian interference in the 2016 election and called the Mueller probe a disaster for our country.”

‘Very much counter to the plan’: Trump defies advisers in embrace of Putin (Washington Post) “Everyone around Trump” pushed him to take a strong stand against Putin over Russia’s interference in the 2016 U.S. elections. He ignored the advice.

Donald Trump faces backlash after hailing ‘productive’ summit with Vladimir Putin in Helsinki (Times) President Trump said that America’s relationship with Russia had changed after a “deeply productive dialogue” at his first formal summit with President Putin in Helsinki yesterday. The two leaders...

Fallout after Trump-Putin meeting: Live updates (CNN) The White House is struggling to control the fallout after President Trump sided with Russia over the US intelligence community. Follow live.

Top Republicans in Congress break with Trump over Putin comments (CNN) After President Donald Trump's stunning news conference Monday next to Russian President Vladimir Putin, members of Congress -- including some powerful Republicans -- were quick to rebuke Trump's performance on the world stage and Trump's refusal to call Putin out for interfering in the US election.

Trump Is Right to Meet Putin (POLITICO Magazine) America needs fewer enemies. What’s wrong with reducing tensions?

Trump thanks Rand Paul for praising his position on Russia (New York Post) Facing widespread condemnation for his fawning meeting with Vladimir Putin, President Donald Trump gave a shout-out to Sen. Paul Rand, who praised him for trying “to prevent us from having World Wa…

Trump-Putin Summit Is Over. The Head-Scratching? Not So Much (NYTimes) President Trump has ended his weeklong trip to Europe.

Putin showed a threatening video of nukes hitting Florida — and an outraged Trump snapped on him (Business Insider) A new report from the news website Axios indicates President Donald Trump became outraged in March after Russian President Vladimir Putin showed a video of nuclear weapons hitting Florida amid his reelection campaign.

Retaliatory Hacking Has Returned – Will States Ever Learn? (TechNative) In mid-June 2018, the United States Cyber Command (CYBERCOM) was officially given the authority to launch cyber attacks against foreign nations The change in policy comes after the elevation of CYBERCOM to a full-fledge combatant command, after being initially established in 2009. As a result, the commander of CYBERCOM will report directly to the U.S. Secretary of Defense, rather than another combatant commander. Empowering CYBERCOM represents a more proactive approach to directly respond to those states that “host or sponsor malicious hacking groups” believed to be perpetrating hostile cyber attacks against U.S. interests. The “hacking back” phenomenon has gained traction

Litigation, Investigation, and Enforcement

Trump's Stupid ‘Where Is the DNC Server?’ Conspiracy Theory, Explained (Motherboard) Trump refuses to believe all the evidence that Russia hacked the DNC, because he understands nothing about how digital forensics works.

U.S. officials charge NRA-linked Russian with acting as Kremlin agent (POLITICO) The Justice Department said one of the person's missions was to establish 'unofficial lines of communications with U.S. politicians and political organizations.'

Twitter shutters accounts linked to US election hacking (Naked Security) The move comes after special counsel Robert Mueller’s indictment of 12 Russians believed to have used the accounts as fronts in US election hacking.

It’s official: Brexit campaign broke the law — with social media’s help (TechCrunch) The UK’s Electoral Commission has published the results of a near nine-month-long investigation into Brexit referendum spending and has found that the official Vote Leave campaign broke the law by breaching election campaign spending limits. It says Vote Leave broke the law including by chann…

Guy jailed for refusing to unlock phones (Naked Security) The phones are new, he said, and he can’t remember the passcodes.

Suspect behind bitcoin exchange that “catered to criminals” ordered to France (Ars Technica) Russia isn't happy that one of its own won't be coming home.

‘LuminosityLink RAT’ Author Pleads Guilty (KrebsOnSecurity) A 21-year-old Kentucky man has pleaded guilty to authoring and distributing a popular hacking tool called “LuminosityLink,” a malware strain that security experts say was used by thousands of customers to gain unauthorized access to tens of thousands of computers across 78 countries worldwide.

7 Nigerians Indicted for Fraud Operation on Dating Sites (Dark Reading) Con artists have been charged with operating a scheme that cost users of American dating websites more than $1.5 million.

21-year-old woman charged with hacking Selena Gomez (Graham Cluley) Popstar Selena Gomez’s alleged hacker has been charged. Are your secret password reset questions easy to answer with public information?

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Cyber Security Summit 2018 (Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together with technology providers & distinguished information security experts. Learn from acclaimed security professionals on how to protect your business from cyber attacks during interactive Panels & Keynote presentations. Convene with fellow influential business leaders, C-Suite executives, investors & entrepreneurs over 3 days of sailing, sessions, and networking opportunities.

The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Health Cybersecurity Summit 2018 (Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency management agencies. Join executives, security professionals and elected officials for the Silicon Valley Leadership Group's Health Cybersecurity Summit on Friday, July 20, at Citrix Headquarters in Silicon Valley. Engage in a real-time cyber threat and response simulation, hone your digital defense skills, and learn about the unique security concerns faced by the healthcare industry and related infrastructure providers.

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims to provide a creative and productive platform for professionals in the field of cyber security.

SINET61 2018 (Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to Cybersecurity challenges.

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, community college students interested in learning about security or expanding their current knowledge, and students attending the 3CS Pre-Summit Job Fair and National Cyber League (NCL) on Thursday, August 2nd.

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological Education Connections (BATEC), which are all funded by the National Science Foundation (NSF). The outcomes of 3CS leverage community college cybersecurity programs across the nation by introducing the latest technologies, best practices, curricula, products, and more.

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included, among others, the CEO of GM Mary Barra and the U.S. Secretary of Transportation Anthony Foxx, resulting in media coverage from The New York Times and The Wall Street Journal and attracting 500 attendees. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event.

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days of technical Trainings (August 4 – 7) followed by the two-day main conference (August 8 – 9) featuring Briefings, Arsenal, Business Hall, and more.

Audit Your Digital Risk (Washington, DC, USA, August 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in Q2 2017 were focused on manufacturing. It's likely you have a cybersecurity program and team in place, but do you know how to assess your level of risk? Audit Your Digital Risk is designed for cybersecurity and audit professionals, risk managers, and others focused on protecting a company's people, assets, and IP.

DefCon 26 (Las Vegas, Nevada, USA, August 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege. We only accept cash - no checks, no money orders, no travelers checks. We don't want to be a target of any State or Federal fishing expeditions.

CyberTexas 2018 (San Antonio, Texas, USA, August 14 - 15, 2018) The 2018 CyberTexas Conference will bring members of the CyberUSA community together with industry and government members of Texas to create long-term values for the cybersecurity ecosystem in San Antonio and the state of Texas. This conference is brought to you be the CyberTexas Foundation and the Federal Business Council (FBC), in conjunction with CyberUSA, and leaders from federal and local government agencies, industry, and academia. Key features of this conference include building on the four pillars of CyberUSA: Communication, Education, Innovation, and Workforce Development. Each topic will feature prominent speakers and panels from Texas and beyond to strengthen the cybersecurity ecosystem.

SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premiere Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection of Air Force IT experts, prominent IT academics, and some of America’s top cyber security companies, the AFITC offers a full of slate events and activities, with 3 days of speakers, expanded education/training opportunities, and an exhibitor-driven trade show that all revolves around the ways we can better defend America from cyber-attacks, advanced persistent threats, and proactively lead in this in this increasingly digital world.

The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Trump-Putin summit aftermath. Andariel Group is back. So is Blackgear. Telefonica suffers major data breach in Spain.