The CyberWire Daily Briefing 7.18.18

Summary

By The CyberWire Staff

At a mid-afternoon press conference yesterday US President Trump walked back remarks he made at the conclusion of his summit with Russian President Putin which gave the impression that he accepted Mr. Putin's word over that of US intelligence services, apparently agreeing that Russia had not attempted to influence US elections. Mr. Trump's remarks in Helsinki were roundly criticized from all political sides. The President said that he either misspoke or was mis-heard, and that he believes what the US Intelligence Community has concluded about Russian influence operations.

Mr. Putin did a bit of woofing about conducting a joint Russo-American investigation into the Russian influence operations he insists didn't happen. (Many will be reminded of similar offers of joint investigation into the Novichok nerve agent attack in Salisbury, England, for which Russia also denies responsibility.)

Siemens has updated its security guidance on the Spectre and Meltdown chipset vulnerabilities, warning of new variants and promising software and firmware updates to address them.

Magnibur ransomware, endemic in South Korea, has spread in new variants to other East Asian linguistic communities, especially in China, Singapore, and Malaysia.

US medical diagnostics provider LabCorp has sustained a data breach that could expose the medical records of millions of patients.

The US Department of Defense intends to add cybersecurity checks to the test and evaluation phases of its acquisition cycle.

Oracle's quarterly patch update was released yesterday.

Slate retracts a story about a Verizon data breach. Their reporting mistook an old story for a new one.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, Israel, Jordan, Kenya, Republic of Korea, Malaysia, New Zealand, Russia, Singapore, United Kingdom, United States

What do Floppy Disks, Han Solo, and Insider Threats Have in Common?

Visit the ObserveIT booth at Black Hat USA to find out! They’re going back to the 80s to reminisce about throwback technology and show you how to take a 21st-century approach to your insider threat management strategy—so you don’t have to be stuck in the past with your DLP and Flock of Seagulls haircut. And before you head out to Vegas, take ObserveIT’s quiz on which 80’s pop culture icon best represents your insider threat management strategy.

On the Podcast

In today's podcast, we talk with our partners at Dragos, as Robert M. Lee discusses the Electrum threat group. Our guest is Jonathan Couch from ThreatQuotient, who offers some insights on dark web markets.

Sponsored Events

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, United States, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Magniber Ransomware Expands From South Korea to Target Other Asian Countries (BleepingComputer) After spending nine months targeting only South Korean users, the Magniber ransomware has expanded its targeting spectrum and is now also capable of infecting users who also feature a Chinese (Macau, China, Singapore) and Malay (Malaysia, Brunei) PC language setting.

From Mind Games to Election Hacking: Russia’s Trolling Tactics Explained (NYTimes.com - Video) Cyberattacks. “Little green men.” Frozen conflicts. These are just a few of the tactics Russia and its leader, Vladimir V. Putin, have used to try to disrupt the world order.

Siemens Warns Customers of New Meltdown, Spectre Variants (Industrial Control Systems (ICS) Cyber Security Conference) Siemens recently updated its security bulletin for the Meltdown and Spectre vulnerabilities to inform customers of the latest variants, specifically the ones known as LazyFP and Spectre 1.1. Several industrial control systems (ICS) vendors published security advisories for the CPU flaws shortly after they were disclosed in early January. Siemens …

Spectre Variants 1.1 & 1.2 (eSentire) Two new variants of the Spectre side channel attack have been discovered, neither of which are mitigated by previous Spectre security patches. eSentire Thr...

Stolen Code-Signing Certificate Used in Malware Attack (Computer Business Review) A new malware campaign that misuses stolen digital certificate has been identified by ESET Internet Security firms’ researchers.

Protego Labs Finds Nearly All Serverless Application Functions at Risk (PRWeb) Protego Labs recently discovered that 98 percent of functions in serverless applications are at risk, with 16 percent considered “serious.”

LabCorp hacked? Investigation under way (UPDATED) (DataBreaches.net) Related Posts:Records stolen from LabCorp Patient Service CenterJudge Dismisses Lawsuit Charging LabCorp with HIPAA…Women Find Thousands of Medical...

800K Patient Records At Issue in ProCare Health Snafu (Threatpost) IT companies allege that one of New Zealand’s largest networks of doctors and nurses has been storing hundreds of thousands of sensitive patient records, without express consent.

Ubisoft Games Hit by Massive DDoS Attacks (HackRead) Ubisoft has suffered a series of massive DDoS attacks (distributed denial-of-service) forcing several Ubisoft gaming servers to go offline.

DDoS Attacks Get Bigger, Smarter and More Diverse (Threatpost) DDoS attacks are relentless. New techniques, new targets and a new class of attackers continue to reinvigorate one of the internet's oldest nemeses.

Microsoft tops list of brands impersonated by phishers (Help Net Security) The number one brand spoofed by phishers in Q2 2018 in North America was Microsoft, likely due to a surge in adoption of Microsoft Office 365.

Cryptojacking: Has cryptocurrency-mining malware already reached its peak? (ZDNet) Newly released figures suggest coinmining attacks have started to decline, as some hackers grow impatient with low returns on their investment, which could lead to a rise in more dangerous attacks.

EMP Risk is 'Not a Sideshow': Why One Cyber Attack Could Wipe Out 90% of US Population (CBN News) Cybersecurity experts say foreign hackers are penetrating the US power grid and other critical infrastructure. The risk of an EMP attack that shuts down the power grid and cripples the US is real, and some experts say we're not doing enough to protect ourselves.

IMB data breach prompts 'comprehensive response' (Baptist Press) A data breach at the International Mission Board that may have exposed personal information of current and former employees, volunteers and applicants has led the Southern Baptist entity to undertake a 'comprehensive response.'

Millions of Verizon Customers’ Information Was Exposed Because of a Third Party It Hired to Analyze the Data (Update: Actually, This Happened Last Year) (Slate Magazine) Not good!

Security Patches, Mitigations, and Software Updates

Oracle Critical Patch Update Advisory - July 2018 (Oracle) A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes.

Cyber Trends

From Bullets to Clicks: The Evolution of the Cyber Arms Race (Dark Reading) Cyber strategies have become as important as physical weapons in the battle for political advantage. Here's a quick look at four broad categories.

Marketplace

If Your Weapons Aren’t Cyber-Hardened, Expect to Lose Pentagon Contracts (Defense One) The Pentagon intends to start assessing its weapons’ resistance to hacks, instead of leaving that to manufacturers.

As OTAs grow, traditional contractors are reaping the benefits (FederalNewsRadio.com) The Defense Department spent nearly $21 billion on OTAs in the past three years, but who is bringing home the bacon? Are traditional defense contractors using them to avoid oversight?

Microsoft offers bug bounties for holes in its identity services (Help Net Security) Microsoft is asking security researchers to look for technical vulnerabilities affecting its identity services and OpenID standards implementations.

Top Cybersecurity Stocks Proofpoint, Okta, FireEye Near Buy Points (Investor's Business Daily) The software sector continues to lead, and top cybersecurity stocks Proofpoint, Okta and FireEye all working on bases. Palo Alto Networks, CyberArk Software, Qualys and Zscaler are consolidating, but they're too short to be bases.

Compliance-Focused Firms Draw Investor Dollars (Wall Street Journal) Recent investments in companies that deal with financial crime and compliance have put these firms on the radar of venture capitalists and private-equity funds, especially as they offer savvier ways to streamline compliance for banks and financial institutions.

ObserveIT closes $33M in Series B financing (Help Net Security) The funding will be used to accelerate innovation for ObserveIT’s insider threat management solutions and to expand ObserveIT’s sales and marketing teams.

Alexa, Are You A Spy? Israeli Startup Raises $12.5 Million So Governments Can Hack IoT (Forbes) Former Israeli Prime Minister helps launch a one-stop hacking shop for government agencies. Privacy concerns abound.

Data Privacy Automation Provider Integris Software Secures Oversubscribed $10 Million Series A Financing Round (Business Wire) Integris Software, a leading provider of data privacy automation, today announced it has raised a $10 million Series A financing round.

This office security startup wants to kill the keycard (Business Insider) Openpath, which just raised $20 million, lets employees enter the office with their phones — and claims it can do it without any glitches or hiccups.

CEO sees recent acquisition as Allied Universal’s continued evolution (SecurityInfoWatch.com) USSA expands both reach and competencies for growing service and tech company

Plurilock Rolls Out First Formal Partner Program (Channel Partners) Plurilock's new sales channel partners include such companies as Carahsoft, Siltek, Paramount Computer Systems (PCS) and Assurity Systems, and through these and other partners, the company now is readily available in the Middle East, Europe and Asia/Pacific, in addition to the Americas.

U.S. Navy Selects Unisys Software for Secure, Mission-Critical Communications (PRNewswire) Under contract worth approximately $20 million, company will develop, operate and manage tactical military messaging software

FARNBOROUGH: Raytheon to advise Jordan on aircraft cybersecurity (Flightglobal.com) Raytheon has been selected to advise the Kingdom of Jordan on the vulnerability of its aircraft networks and data to cyberattacks.

Syniverse names former FBI cyber official as its top security and risk officer (Tampa Bay Times) Syniverse, the Tampa-based company that knits together the world's mobile communications networks, has hired a 26-year veteran of the FBI as its chief security and risk officer, effective tod

Kudelski Security Maintains Growth in Consulting & Research Services With Strategic Hires (Markets Insider) Kudelski Security, the cybersecurity division within the Kudelski Group (SIX:K...

Products, Services, and Solutions

Webroot Announces Integration with BrightGauge (Webroot) Industry-First Integration Enables MSPs to Gain the Most Intelligence out of Their Data for Better Business

NGFW achieves highest security effectiveness (Forcepoint) While next generation firewalls (NGFWs) have historically been thought of as security products, it’s surprising how few vendors deliver security that actually works.

ERPScan continues helping protect business-critical systems (ERPScan) ERPScan, a leading ERP security company, again helped Oracle protect its most critical enterprise business applications including PeopleSoft and JD Edwards by providing the information on 17 vulnerabilities affecting the vendor’s products. Patches for these vulnerabilities have been released today as a part of Oracle’s quarterly Critical Patch Update (or CPU). Some have almost the […]

BehavioSec’s Behavioral Biometrics platform fulfills critical requirements achieving Payment Services Directory 2 (PSD2) compliance (Behaviosec) The European Banking Authority confirms behavioral biometrics as a proven technology delivering enhanced authentication and anti-fraud measures for payment service providers. Widely deployed across global banks, BehavioSec’s behavioral biometrics platform keeps customers prepared for PSD2 mandates and business opportunities. Stockholm/München – July 17, 2018 BehavioSec, the first vendor to pioneer behavioral biometrics, today announced that …

ThreatConnect Announces Enhanced Orchestration Capabilities Designed to Measure and Improve Security Operations Efficiency (ThreatConnect) ThreatConnect continues to reinforce its platform's value combining threat intelligence, analytics and orchestration

SoftwareONE Launches Security for Microsoft 365 (Daily American) SoftwareONE, a leading software and cloud portfolio management provider, announced today that it has launched Security for Microsoft 365, a new managed service that enhances the

Kaspersky Lab detects 42 million attacks on smartphones (IT Pro Portal) Mobile device management is not enough to protect employee smartphones from growing cyber threats.

Sophos Intercept X for Server Blocks Cyber Attackers from Hitting the Business Bullseye (GlobeNewswire News Room) Sophos (LSE:SOPH), a global leader in network and endpoint security, today announced Sophos Intercept X for Server, next-generation server protection with predictive deep learning technology that provides constantly evolving security against cyber threats.

Emsisoft Anti-Malware offers 4-layered protection to Windows (Windows Club) Emsisoft Anti- Malware is a light-weight security software that offers powerful protection for your Windows computers. It ships with a unique dual-engine scanner, offers 4-layered protection, hourly updates against 300000 new threats every day, and advanced malware removal capabilities. Today we take a look at the features that this antivirus software brings to you.

Has Your Multifunction Printer Become A Data Loss Risk? Consider DLP For Images. - Security Boulevard (Security Boulevard) Do you have one of those multi-purpose photocopier / printer / scanners?

Rapid7 Integrates with Microsoft Azure to Provide Visibility, Analytics, and Automation for Cloud Security (GlobeNewswire News Room) Rapid7 Insight platform integration with Azure increases visibility of threats in cloud and hybrid environments, helping to power the practice of SecOps between Security, IT, and DevOps

Change Healthcare Gives Payers and Providers the Keys to Cloud Security (PRNewswire) Change Healthcare Intelligent Healthcare Network introduces "BYOK" and "kill switch" technology to help payers and providers control security and respond to threats quickly and decisively

IBM attempts to graft VM security onto container flexibility (Register) Nabla Containers promises reduced attack surface through fewer system calls

BOHH Labs | BOHH Labs and Teradata Partner to Securely Expand Business Data Analytics Capabilities (RealWire) BOHH Labs’ brand new Secure Data as a Service© drives on-premise and cloud analyticsBOHH Labs, the leading provider of seamless and secure access to data, and Teradata Corporation, the leading data and analytics company, today announced a partnership to drive better business outcomes through securely accessing data in on-premises and cloud environments

Bitglass and Okta Partner on Advanced Access and Security for the Cloud - Media Releases (CSO) Partnership Brings Together Bitglass’ CASB and Okta’s IAM Capabilities

Bitdefender unveils new 2019 product line (PC World) Bitdefender launches its 2019 consumer security product line, which aims to stop criminals before they attack.

Symantec Announces Industry’s First Integrated Email Threat Isolation Solution to Render Advanced Email Attacks Harmless (Business Wire) Innovation represents major step forward in the fight against sophisticated phishing, account takeover, and ransomware attacks

Technologies, Techniques, and Standards

New Protocol Promises to Improve Wi-Fi Security — Eventually (Security Intelligence) WPA3, which was released in June 2018, promises to improve Wi-Fi security — but the changes will be gradual because the Wi-Fi Alliance will need to certify routers to work with the new protocol.

Research Finds Nearly 30% of Federal Agencies Have Yet to Start their DMARC Compliance Journey for BOD 18-01 (Proofpoint) Last October, the Department of Homeland Security issued Binding Operational Directive (BOD) 18-01 with the intent to safeguard federal information and information systems. A key component of this initiative is to drive these agencies to implement SPF and DMARC email authentication protocols within 12 months.

Human Error Strains Security Teams: How Can Companies Nip Employee Negligence in the Bud? (Security Intelligence) New data reveals that security professionals are increasingly concerned about employee negligence because it forces them to respond to preventable data breaches.

Threat intelligence 'absolutely critical' to government cyber programs, NYC CISO says (StateScoop) Geoff Brown, New York City's chief information security officer, says in a video interview that intelligence-driven security programs are the way to go.

Design and Innovation

Instagram Working on Stronger 2FA That Won't Use Your Phone Number (Motherboard) Some Instagram users are at particular risk of sim hijacking, where a hacker takes control of their phone number and uses that to break into accounts. Now, Instagram is pushing towards app-based authentication, which should make the hackers' job harder.

How Google's Safe Browsing Helped Build a More Secure Web (WIRED) You may not have heard of Safe Browsing, but it's made the web more secure for over a decade. Here's its story, from the people who built it.

Research and Development

The Pentagon Wants to Bring Mind-Controlled Tech To Troops (Nextgov.com) The Defense Department’s research arm is working on a project that connects human operators’ brains to the systems they’re controlling—and vice versa.

Pentagon Plans to Publish Broad Artificial Intelligence Strategy ‘Within Weeks’ (Nextgov.com) The report will focus on long-term plans and how it will funnel resources to developing the technology, a Defense official said.

Here’s how much a new artificial intelligence center could cost (C4ISRNET) New reprogramming budget documents reveal how much the Pentagon plans to spend on the new Joint Artificial Intelligence Center.

Academia

UWF leading Florida's cybersecurity training for 2018 elections (Pensacola News Journal) The University of West Florida is training Florida supervisors of elections and their key personnel to guard themselves against cyberattacks

Female Network Will Deter Cybersecurity Threats (US News & World Report) Promoting cybersecurity careers and connecting with students will help boost women's participation in the industry.

Legislation, Policy and Regulation

Was the Helsinki Summit Worth It? (The National Interest) The Helsinki summit set the right course for the United States and Russia in defusing tensions—until the last thirty minutes.

Forget the Summit: How Trump Let Putin Win the Cyber-Security War (The Hive) Trump’s continued denial of Russian election interference sets a dangerous precedent in this era of cyber-warfare—and practically guarantees that it will happen again.

NSA and Cyber Command to coordinate actions to counter Russian election interference in 2018 amid absence of White House guidance (Washington Post) The move by NSA Director Paul Nakasone comes as Trump again dismisses findings of Russian culpability.

Analysis | The Cybersecurity 202: Trump's intel chiefs fight Russia's election interference -- with or without him (Washington Post) But Trump is making it more complicated.

White House Cybersecurity Strategy at a Crossroads (Dark Reading) Trump administration's initial lack of a unified front in the wake of Russian election-hacking indictments worries cybersecurity experts.

Putin proposes a joint cybersecurity group with the US to investigate Russian election meddling (TechCrunch) Over the course of Monday’s controversial Helsinki summit, Russian President Vladimir Putin pushed an agenda that would ostensibly see the U.S. and Russia working side by side as allies. The two countries make stranger bedfellows than ever as just days prior, Trump’s own Department of J…

Trump wants to work with Russia on infosec. Security experts: lol no (Register) Thanks for Putin that out there

Trump calls summit with Putin a great success, ‘even better’ than meeting with NATO allies. Some in GOP disagree. (Washington Post) The president blamed the news media for negative coverage of his performance alongside the Russian leader. Fellow Republicans, however, want him to clarify his statements.

Analysis | The Daily 202: Trump’s Helsinki performance is a ‘final straw’ for some Republicans. Others are just disappointed. (Washington Post) Most criticism is coming from lawmakers who are already retiring or have been Never Trumpers.

Opinion | Trump just gave Putin complete free rein (Washington Post) Trump did not get a single concession or course correction.

Former Intel panel chairman says Trump betrayed US intelligence community (The Hill) A former chairman of the House Intelligence Committee said Tuesday that President Trump betrayed the U.S. intelligence community by accepting Russian President Vladimir Putin's denials about Moscow's interference in the 2016 presidential election.

Former intel chiefs condemn Trump's news conference with Putin (CNN) Former US intelligence chiefs expressed astonishment and condemnation Monday in response to President Donald Trump's comments at Monday's news conference with Russian President Vladimir Putin, with former CIA Director John Brennan calling the US President's performance "nothing short of treasonous."

Putin laughs off election interference question (Washington Examiner) Russian President Vladimir Putin laughed Monday as Fox News reporter Chris Wallace asked him about meddling in the 2016 U.S. election, denying responsibility while defending the hacks he's accused of orchestrating.

Is the U.S. Hypocritical to Criticize Russian Election Meddling? (Foreign Affairs) The United States is simply not engaging in electoral meddling in a manner comparable to Russia’s approach.

Dem calls Russia meddling 'act of war,' urges cyber attack on Moscow banks (The Hill) Rep. Steve Cohen (D-Tenn.) on Tuesday said that Russian hacking efforts against the U.S. amount to an act of war and the U.S. should have countered by launching cyber attacks against the Kremlin.

Why regulation on cyberspace is long overdue in Kenya (The Standard) The level of cyber crime in Kenya, at the moment, is such that businesses are grounding to a halt. Cases of those who have lost money online simply...

Wickr, Linux Australia, Twilio sign open letter against govt’s encryption crackdown ‘mistake’ (CIO) Prime Minister Malcolm Turnbull’s favourite secure messaging app Wickr is among the 76 organisations and individuals that have signed an open letter today calling on his government to reject its plans to ‘undermine strong encryption’.

Litigation, Investigation, and Enforcement

US intel chief stands by assessment of Russian meddling (Tampa Bay Times) The top U.S. intelligence official says assessments of Russian meddling in the 2016 election have been 'clear' and describes the Kremlin's efforts to undermine the United States' democracy as 'ongoing' and 'pervasive.'

The Russia Investigation's Intelligence Is 'A Triumph' -- Trump Should Trust It (Forbes) Trump has little reason to not believe his own intelligence teams over Putin's strong denials, such is the strength of the Russia investigation's intelligence.

Russia did meddle in US election, Donald Trump forced to admit (Times) President Trump lurched into damage control mode last night, insisting that he had “full faith” in his intelligence agencies and conceding that Russia had tried to influence the 2016 election. He...

Putin Explained Away Russian Hackers Because It Exposed Corruption In DNC (Daily Caller) 'Democratic leadership admitted it'

How the Russians broke into the Democrats' email, and how it could have been avoided (CNBC) The Russians started by sending a phony email to "big fish" that was then used to install malware on DNC mail servers, according to the DoJ's indictment of 12 Russians involved.

Bitcoin, malware and 'spearphishing' helped Russian agents hack Democratic Party computers in 2016 election (Los Angeles Times) As Trump prepares to meet Putin in Helsinki, federal prosecutors have painted a detailed and complex portrait that shows how a skilled cadre of Russian intelligence officers hacked Democratic computers and undermined the 2016 U.S. election. Here's how it went down.

Russia proved it is the greatest threat to our democracy (TheHill) Mueller’s indictment is a clear and compelling statement of the fundamentally dire cybersecurity threat we face as a nation.

Robert Mueller Is Fighting a War (Foreign Policy) The special prosecutor's latest indictments prove he's waging more than just a legal battle.

£200,000 fine for exposing possible child abuse victims in classic Cc/Bcc email blunder (Graham Cluley) The Independent Inquiry into Child Sexual Abuse (IICSA) has been fined £200,000 for revealing identities of abuse victims in a mass email.

Google Is Fined $5 Billion by EU in Android Antitrust Case (Wall Street Journal) The EU fined Alphabet’s Google $5 billion, a record for the bloc that could loosen the company’s grip on its biggest growth engine: mobile phones.

Google confirms it will appeal $5 billion EU antitrust fine (TechCrunch) Google has confirmed the expected, that it will indeed appeal the record $5 billion fine that it was handed today by European antitrust regulators for abusing the dominance of its Android operating system. The European Commission announced that it is fining the U.S. firm for “three types of r…

Judge slams FBI for improper cellphone search, stingray use (Ars Technica) "They are not the only instances of sloppy, inappropriate law enforcement work."

Republicans accused Facebook, Google and Twitter of bias. Democrats called the hearing ‘dumb.’ (Washington Post) Facebook, Google and Twitter on Tuesday sought to defend themselves against accusations from Republican lawmakers that the tech giants censor conservative news and views during a congressional hearing that devolved into a political sniping match.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

2018 International Information Sharing Conference (Tysons Corner, Virginia, USA, September 11 - 12, 2018) Join representatives from fellow information sharing groups with all levels of expertise, security practitioners, major technology innovators, and well-established cybersecurity organizations, as they come together to discuss the impact ISAOs have had on the nation’s security, share lessons learned, and discover the latest in cybersecurity policy. Attendees will gain the knowledge needed to learn how to improve information sharing with keynote addresses by industry experts, senior government, and international thought leaders, presentations on key topics and panel discussions of interest to the Information Sharing community, technology demonstrations from service providers and vendors addressing information sharing challenges. There will be many networking opportunities and exhibits.

Security in our Connected World (Beijing, China, September 19, 2018) This year’s seminar will not only examine critical security technologies, such as the Trusted Execution Environment (TEE) and Secure Element (SE), but will also delve into their associated business and technical use cases, to explore more deeply the need for security in our connected world. Timely and relevant seminar topics to include a focus on the Internet-of-Things (consumer, industrial and enterprise), identification and authentication, payment and value-added services, premium content protection, device trust, and certification. And, as always, delegates will be able to witness ‘real world’ solutions from our sponsoring/exhibiting member organizations.

upcoming Events

Cyber Security Summit 2018 (Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together with technology providers & distinguished information security experts. Learn from acclaimed security professionals on how to protect your business from cyber attacks during interactive Panels & Keynote presentations. Convene with fellow influential business leaders, C-Suite executives, investors & entrepreneurs over 3 days of sailing, sessions, and networking opportunities.

The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Health Cybersecurity Summit 2018 (Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency management agencies. Join executives, security professionals and elected officials for the Silicon Valley Leadership Group's Health Cybersecurity Summit on Friday, July 20, at Citrix Headquarters in Silicon Valley. Engage in a real-time cyber threat and response simulation, hone your digital defense skills, and learn about the unique security concerns faced by the healthcare industry and related infrastructure providers.

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims to provide a creative and productive platform for professionals in the field of cyber security.

SINET61 2018 (Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to Cybersecurity challenges.

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, community college students interested in learning about security or expanding their current knowledge, and students attending the 3CS Pre-Summit Job Fair and National Cyber League (NCL) on Thursday, August 2nd.

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological Education Connections (BATEC), which are all funded by the National Science Foundation (NSF). The outcomes of 3CS leverage community college cybersecurity programs across the nation by introducing the latest technologies, best practices, curricula, products, and more.

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included, among others, the CEO of GM Mary Barra and the U.S. Secretary of Transportation Anthony Foxx, resulting in media coverage from The New York Times and The Wall Street Journal and attracting 500 attendees. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event.

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days of technical Trainings (August 4 – 7) followed by the two-day main conference (August 8 – 9) featuring Briefings, Arsenal, Business Hall, and more.

Audit Your Digital Risk (Washington, DC, USA, August 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in Q2 2017 were focused on manufacturing. It's likely you have a cybersecurity program and team in place, but do you know how to assess your level of risk? Audit Your Digital Risk is designed for cybersecurity and audit professionals, risk managers, and others focused on protecting a company's people, assets, and IP.

DefCon 26 (Las Vegas, Nevada, USA, August 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege. We only accept cash - no checks, no money orders, no travelers checks. We don't want to be a target of any State or Federal fishing expeditions.

CyberTexas 2018 (San Antonio, Texas, USA, August 14 - 15, 2018) The 2018 CyberTexas Conference will bring members of the CyberUSA community together with industry and government members of Texas to create long-term values for the cybersecurity ecosystem in San Antonio and the state of Texas. This conference is brought to you be the CyberTexas Foundation and the Federal Business Council (FBC), in conjunction with CyberUSA, and leaders from federal and local government agencies, industry, and academia. Key features of this conference include building on the four pillars of CyberUSA: Communication, Education, Innovation, and Workforce Development. Each topic will feature prominent speakers and panels from Texas and beyond to strengthen the cybersecurity ecosystem.

SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premiere Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection of Air Force IT experts, prominent IT academics, and some of America’s top cyber security companies, the AFITC offers a full of slate events and activities, with 3 days of speakers, expanded education/training opportunities, and an exhibitor-driven trade show that all revolves around the ways we can better defend America from cyber-attacks, advanced persistent threats, and proactively lead in this in this increasingly digital world.

The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.