The CyberWire Daily Briefing 7.23.18

Summary

By The CyberWire Staff

A major breach in SingHealth developed over the weekend, affecting approximately 1.5 million citizens of Singapore. The data, which was taken over a period of eight days before the exfiltration was discovered, included name, National Registration Identity Card (NRIC) number, address, gender, race, and date of birth. For some 160 thousand patients, the data taken included details of medicines they'd received.

Singapore officials, while acknowledging the value the data could have if monetized by criminals, think the operation was run by a nation-state. Many have praised the government's response—FireEye pointed out to Bleeping Computer that detection within eight days is orders of magnitude below the regional norm of four-hundred-ninety-eight days—but the incident has prompted calls for a reboot of Singapore's Smart Nation initiatives.

The New York Times, Infosecurity Magazine, TechCrunch, and others report UpGuard's claims that Level One Robotics, which supplies major manufacturers, left 157GB of data exposed on a publicly accessible server. Data from VW, Chrysler, Ford, Toyota, GM, Tesla, and ThyssenKrupp included assembly line schematics, plant floor plans, robotic configurations, request forms for ID badges and VPNs, and non-disclosure agreements.

The Aspen Security Forum wrapped up Saturday after clear, direct warnings from senior US intelligence and law enforcement officials that Russian hacking remained a significant threat to the US. DNI Coats warned of the possibility of a "cyber 9/11," DHS Secretary Nielsen called out Russian interference in elections, and Deputy Attorney General Rosenstein said Russia's not the only cyber power everyone ought to be concerned about.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Cambodia, Canada, China, Ecuador, European Union, Germany, Russia, Singapore, Slovakia, United Kingdom, United States

Find out what midsized enterprises are doing right to hit the cybersecurity “sweet spot.”

Despite having bigger budgets and greater resources, large enterprises aren't better protected from cyberattacks than are their smaller counterparts. The sweet spot for cybersecurity is found among midsized businesses, which testing finds performed best at protecting their assets and mitigating their security risks. That's the conclusion of Coalfire's inaugural Coalfire Penetration Risk Report, based on more than 300 penetration tests in 148 companies worldwide. Download the report to gather data-driven insights and make informed decisions based on Coalfire’s innovative analysis.

On the Podcast

In today's podcast, we talk with Palo Alto Networks' Rick Howard, who revisits the metaphor of a cyber moon-shot.

Sponsored Events

Billington Automotive Cybersecurity Summit (Detroit, Michigan, United States, August 3, 2018) Top automotive executives and government representatives will detail the latest cybersecurity threats and best safety practices at the second Billington Automotive Cybersecurity Summit on Aug. 3 at Cobo Center in Detroit. In the age of connected and autonomous cars, cybersecurity is a top priority for automakers and their suppliers.

XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 4 - 9, 2018) Visit XM Cyber at the Innovation City, booth IC2233, to experience the first fully automated APT simulation platform to Simulate, validate and remediate every hacker’s path to organizational critical assets.

Schedule a meeting with Terbium Labs at Black Hat. (Las Vegas, Nevada, United States, August 8 - 9, 2018) Matchlight by Terbium Labs is the world's most comprehensive and only fully private dark web monitoring solution, capable of quickly detecting compromised account data and minimizing the damage caused by a data breach. Book a 1:1 session with Terbium Labs' leadership team to learn how Matchlight can help your organization assess its sensitive data exposure on the dark web.

CyberTexas Job Fair, August 14, San Antonio visit ClearedJobs.Net for details. (San Antonio, Texas, United States, August 14, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the CyberTexas Job Fair, August 14 in San Antonio. Meet leading cyber employers including Bank of America, USCYBERCOM, USAA and more.

Cyber Security Summits: August 29 in Chicago & in NYC on September 25 (Chicago, Illinois, United States, August 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The NSA, Darktrace, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Wombat Wisdom Conference, September 18 to 20, 2018, Pittsburgh, PA. (Pittsburgh, Pennsylvania, United States, September 18 - 20, 2018) Gain expert insights for strengthening your security awareness program at the Wombat Wisdom Conference, Sept. 18-20, 2018. Ideal for CISOs and infosec professionals looking to share ideas and actionable concepts for improving security awareness and training.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Intel director Dan Coats warns of 'cyber-9/11,' tells Aspen conference Russia is one threat among many (Fox News) President Trump should have issued a more full-throated condemnation this week of Russian election meddling in the 2016 presidential election, Director of National Intelligence Dan Coats said Thursday at the Aspen Security Forum.

What a Cyber 9/11 Would Mean for the U.S. (Fortune) Worst case scenario.

Rosenstein Warns Russia Is Only One Tree in Forest (Infosecurity Magazine) The 2018 Aspen Security Forum highlights cyber-threats to the US.

U.S. Homeland Security Secretary Warns Of Russian Interference In Upcoming Votes (RadioFreeEurope/RadioLiberty) U.S. Homeland Security Secretary Kirstjen Nielsen has said the United States must be ready to resist attempted Russian interference in the country's elections later this year.

DHS chief backs up intel assessment that Russia interfered in US elections (TheHill) Secretary of Homeland Security Kirstjen Nielsen on Thursday said she agreed "full stop" with the Obama-era intelligence assessment that Russia tried to interfere in the 2016 presidential election.

Microsoft Says Russia Has Already Tried to Hack 3 Campaigns in the 2018 Election (Fortune) A group of hackers believed to be tied to Russia’s military have launched spear-phishing campaigns against at least three candidates running for election in 2018, a Microsoft executive said Thursday.

Ex-NSA official: Russian hack of Democrats was 'assembly line operation' (Yahoo) The indictment of 12 Russian intelligence officers gave the public a glimpse into how large Moscow's hacking operation truly is, cybersecurity expert Oren Falkowitz says.

Russia planning massive cyber attack on the UK following diplomatic row over Novichok (MIrror) Security chiefs are convinced Vladimir Putin is intent on causing disruption to undermine Britain following finger-pointing over deadly planting of Novichok in Salisbury

Cambodian Rights Group Hacked Amid Concerns Over China-Linked Cyber Espionage Group (Radio Free Asia) A week ago, TEMP.Periscope infiltrated the computers of several stakeholders in an upcoming election.

Hackers Stole a Third of Singapore's Healthcare Data, Including Prime Minister's (BleepingComputer) Singapore's Ministry of Health (MOH) revealed today that a hacker had breached its IT systems and stolen personal and health-related data on roughly 1.5 million citizens.

SingHealth cyberattack likely by nation state, medical data ‘can fetch a high price’: Experts (Channel NewsAsia) The medical data of a high-ranking government official can also be used to “coerce” the person to provide access to otherwise out-of-reach ...

SingHealth cyber attack: SMS notifications sent to more than 700,000 patients (The Straits Times) More than 700,000 patients who visited SingHealth's specialist outpatient clinics and polyclinics have received text message notifications from SingHealth on whether their data had been stolen, said SingHealth in a statement on Saturday evening (July 21).

SingHealth cyber-attack: what are the concerns? (Enterprise Innovation) It would be unwise to think we have little to worry about over the recent cyber-attack on SingHealth. Identity theft, cyber-espionage, cyber-terrorism and obstacles to Singapore's 'smart nation' initiatives are key concerns.

Shock, anger and worry about stolen data being misused (The Straits Times) Victims of Singapore's largest data breach have expressed shock and anger, saying they are concerned that their personal information could be misused since it has fallen into wrong hands.

SingHealth hack 'worrying' for Singapore but govt response lauded (The Business Times) Cybersecurity experts praised the government's swift response to the cyberattack on SingHealth, but noted that it is "worrying" for Singapore's Smart Nation drive and industries that rely heavily on public confidence.

SingHealth cyber attack: Bite the bullet and reboot Smart Nation (The Straits Times) Cyber attacks have become a way of modern life and show how vulnerable Singapore's Smart Nation endeavours are to such threats, writes ST senior tech correspondent Irene Tham.

SingHealth Scammers Try to Cash in on Major Breach (Infosecurity Magazine) Hackers Stole Data on 1.5 million Patients

Robotics Supplier Error Leaks Decade of Data from Carmakers (Infosecurity Magazine) VW, Chryster, Ford, GM, Tesla and more affected by privacy leak

‘Big Red Flag’: Automakers’ Trade Secrets Exposed in Data Leak (New York Times) A small contractor’s unguarded server accidentally revealed a trove of corporate documents from Tesla, Toyota, Volkswagen and other manufacturers.

Data breach exposes trade secrets of carmakers GM, Ford, Tesla, Toyota (TechCrunch) Security researcher UpGuard Cyber Risk disclosed Friday that sensitive documents from more than 100 manufacturing companies, including GM, Fiat Chrysler, Ford, Tesla, Toyota, ThyssenKrupp, and VW were exposed on a publicly accessible server belonging to Level One Robotics. The exposure via Level On…

Increase in Attacks on GPON Routers (eSentire) eSentire Threat Intelligence has observed an increase in exploitation attempts targeting consumer grade network devices manufactured by Dasan and D-Link.Cu...

eSentire Observes an Increase in Exploitation Attempts Against Routers (eSentire) On July 19, 2018, eSentire observed an increase in exploitation attempts targeting Small-Office/Home Office (SOHO) network devices manufactured by Dasan an...

Got Huawei router? Here's a warning (Gadget Now) According to a report in Bleeping Computer, this new botnet was first spotted this week by security researchers from a cybersecurity company called NewSky Security.

DNS rebinding attack puts half a billion IoT devices at risk (HackRead) A billion smart devices being used around the globe are vulnerable to a decade-old attack called DNS rebinding.

Facebook Suspends Analytics Firm on Concerns About Sharing of Public User-Data (Wall Street Journal) Facebook said it was suspending analytics firm Crimson Hexagon while it investigates whether the firm’s government contracts violate Facebook policies.

Hackers Breach Russian Bank and Steal $1 Million Due to Outdated Router (BleepingComputer) A notorious hacker group known as MoneyTaker has stolen roughly $1 million from a Russian bank after breaching its network via an outdated router.

Sinister Emojis & Critical Oracle Patch Among New Cybersecurity Worries (Credit Union Times) Emojis have become the bait-of-choice for scammers.

Adult Site Blackmail Spammers made Over $50K in One Week (BleepingComputer) After examining 42 bitcoin addresses associated with a current extortion scam, it was discovered that over $50,000 USD in payments have been made.

Beware of freebies on internet, Kaspersky Lab warns (Vanguard News) Kaspersky Lab experts have warned internet users to be wary of fake websites offering gift cards online. They said cybercriminals are able to “sell” users’ data registered for the gifts to third party partner sites, to which they redirect victims.

Who Are ComplyRight's Security Employees? (Infosecurity Magazine) Post-breach efforts to talk with ComplyRight's security department turn up empty for Brian Krebs.

Renewable resources can increase cyber threats (Control Global) Renewable resources are good for the environment and reduce consumer costs but they are not a panacea to reducing electric grid cyber threats as utility-scale solar facilities can utilize hundreds of thousands of solar panels with little to no cyber security.

Alert: Gmail users warned of cyber attack (Khaleej Times) The new feature can require users to click a link in order to access the messages.

What the Incident Responders Saw (Dark Reading) New report on IR professionals' experiences reveals just how advanced attackers, such as nation-state hackers, dig in even after they're detected.

Security Patches, Mitigations, and Software Updates

Adobe Patches Vulnerability Affecting Internal Systems (SecurityWeek) Adobe patches potentially serious code injection vulnerability affecting some of its internal systems, but the company downplayed its impact

Cyber Trends

5 Fierce Facts About Cybersecurity You Probably Don’t Want to Hear (NULL TX) Just when you thought you'd heard the worst, new research reveals some alarming findings about cybersecurity.

How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners (FireEye) Cyber criminals tend to favor cryptocurrencies because they provide a certain level of anonymity and can be easily monetized.

A Cyber Axis of Evil is Rewriting the Cyber Kill Chain (SecurityWeek) Carbon Black's Tom Kellermann doesn't think an understanding of the source of the attacks is an important as an understanding of how they are being operated.

Insider security threats fall following GDPR (IT Pro Portal) Some cyber threats are shrinking in the UK and Germany, new research suggests.

Marketplace

Exploring the dynamics of the attacker economy (Help Net Security) Global software companies are increasingly turning to attackers for help identifying security vulnerabilities in their offerings, and they’re not alone.

Pay-n-pray cybersecurity isn’t working. What if we just paid when it works? (Digital Trends) Like home security, people would often rather not think about cybersecurity once they’ve paid for it. They’d rather pay and pray.

With cyber forces underequipped, DoD turns to rapid prototyping contracting (Fifth Domain) DoD is using rapid prototyping authorities to equip its cyber warriors.

How Will Healthcare Cybersecurity Issues Impact Acquisitions? (Security Intelligence) Healthcare cybersecurity is now the primary concern during acquisitions in this expanding industry. Business owners can take proactive steps to secure digital infrastructure before issues arise.

China Mobile may well have paid the price of the trade war (South China Morning Post) The Chinese telecoms company’s application to build its own network in America has been denied by US officials on the grounds of national security. But it is hard not to see the decision as fallout from the Sino-US trade war

ZTE ready to recapture IT market as US lifts ban (Daily Times) In a major development, the United States has lifted its trade ban on China’s telecom giant, ZTE, making way for the company to once again commence trade with American companies after three months of being unable to do so. “Secretary of Commerce Wilbur Ross announced that Zhongxing Telecommunications Equipment Corporation of Shenzhen, China (“ZTE …

Cybersecurity Stocks Are Red-Hot As Election Looms (Nasdaq) Over the past few years, the digital and tech world has been witnessing an explosion in cyberattacks that take all manner of incarnations-- DDoS (distributed denial-of-service) attacks, corporate espionage, malware, ransomware and full-on campaign hacking.

Buy This Cybersecurity ETF Before Midterms (Seeking Alpha) We're increasingly living in a digital world where securing all of our personal information and data is becoming top priority. After the Russian hacks on the 20

Tall Poppy aims to make online harassment protection an employee benefit (TechCrunch) For the nearly 20 percent of Americans who experience severe online harassment, there’s a new company launching in the latest batch of Y Combinator called Tall Poppy that’s giving them the tools to fight back. Co-founded by Leigh Honeywell and Logan Dean, Tall Poppy grew out of the work…

Novetta Launches Machine Learning Center of Excellence (PRNewswire) Focal point for mission-focused machine learning engineering, research and development, and collaboration

Zix Corporation Has Been On A Tear Since February 2018 (Seeking Alpha) Cybersecurity is a hot sector in 2018 - Zix is riding the trend.

Auto Immune - A Simple Metaphor Has Helped Darktrace Achieve Unicorn Status (Forbes) With its R&D in the US and a second headquarters in San Francisco, Darktrace has has global sales on its mind since day one. CEO Nicole Eagan explains how a cybersecurity company founded in 2013 has attained unicorn status in just five years

CyberMDX Raises to $10M to Fight The Inevitable Rise of Medical Hackers (AlleyWatch) A company that is embarking on an honorable institution: to protect the places that are saving lives

Report: CGI Federal Lands $530M Cyber Task Order Under CDM DEFEND (GovCon Wire) CGI’s (NYSE: GIB) federal business has received a potential $530 million task order to provide cyber

Cyber media company in Fulton raising $1.8 million to add staff, products (Baltimore Business Journal) A cyber-focused media company located in Fulton is looking to raise up to $1.8 million as it aims to grow its staff and product lines.

Deloitte launches women in cyber initiative to help close tech gender gap (Accountancy Age) Currently women only represent 11% of the global cyber security workforce despite talent shortages in the cyber industry

RiskIQ Taps Growth Leader Dan Schoenbaum as President and Chief Operating Officer (GlobeNewswire News Room) Distinguished Tech Executive to Help Digital Threat Management Leader Drive Growth

Products, Services, and Solutions

Verimatrix Announces Veriteem Distributed Ledger Technology to Address Security Gaps for Blockchain Applications (PRNewswire) Open Source Technology Creates Foundation to Build Secure Compliance Ledger for IoT Applications

ForgeRock rolls out technical sandbox for Open Banking testing (Paypers) ForgeRock, a platform provider of digital identity management solutions, has announced the availability of the ForgeRock Open Banking Directory.

IBM sees its future in blockchain (TheStreet) IBM says that its 'strategic imperatives' -- which include cloud, security and analytics -- made up more than half of its Q2 revenues.

Symantec Improves Email Security With Threat Isolation Technology (eWEEK) Symantec brings its threat isolation capabilities to email in an effort to help protect organizations against phishing and ransomware attacks.

Equinix completes integration of Verizon data centres (The Stack) Equinix has finished the integration of Terremark Federal Group (TFG) into its government portfolio, finishing its integration of 29 Verizon data centres.

DPI solution from Rohde & Schwarz helps Indigo Software reach new high in customer satisfaction (Rohde & Schwarz) Indigo Software embeds the deep packet inspection (DPI) engine R&S®PACE 2 into their web application security solution to enhance network protection and management. With the new traffic analytics capabilities, Indigo Software has been empowered to expand their business to highly regulated industries and markets.

Technologies, Techniques, and Standards

How Americans Wound Up on Twitter's List of Russian Bots (WIRED) Researchers analyzing the pattern of tweets say 20 or more real Americans may have been erroneously included on a list given to Congress, and later publicized.

FERC directs enhanced reporting of cyberattacks on US power grid (S&P Global) US federal regulators Thursday directed the nation s grid electric reliability organization to expand requirements to report cybersecurity incidents to include unsuccessful attacks that might lay the

Why the Best Defense Is a Good Offensive Security Strategy (Security Intelligence) When many people think about offensive security, they picture a mysterious figure wearing a hoodie, sitting behind a black-and-green terminal, diligently typing away as he probes enterprise networks. But the cybersecurity world has evolved well beyond this Hollywood hacker stereotype.

Financial Industry Insiders Put the Keys to the Kingdom at Risk (SecurityWeek) Monitoring for illicit insider activity shouldn’t focus exclusively on dark web and criminal forums. Instead, start by looking inside.

How to Protect Businesses from Phishing, Spear-Phishing and Whaling (Technology Solutions That Drive Business) As scams get more sophisticated, IT teams must increase their cyberawareness.

Here's what cybersecurity professionals at companies actually do, and why they're so vital (CNBC) A rundown of all the roles filled by the Chief Information Security Officer (CISO) and staff, with real-world examples of problems that can occur in each role.

Top Army cyber leaders visit Muscatatuck cyber training exercise (DVIDS) Senior leaders from United States Army Cyber Command and Army Intelligence and Security Command visited Muscatatuck Urban Training Center for a cyber test and evaluation exercise.

Muscatatuck’s cyber warfare training interests Army secretary (The Republic) Rapid developments in cyber warfare and the need for those skills to defend the United States make Muscatatuck Urban Training Complex important, the secretary of the U.S. Army said. Mark T. Esper visited the military installation in Jennings County on Friday afternoon as part of his assessment of the state's military readiness. A

Research and Development

AI Companies & Cybersecurity:The Race To Build Artificial Intelligence Defenses (Investor's Business Daily) Artificial intelligence, for all its promise, presents grave risks if put in the wrong hands. But startup AI companies, cybersecurity firms and tech giants like Google aim to fight the bad guys with their own AI. For investors tracking AI’s impact, cybersecurity is a key sector to watch.

Academia

Army partners with UMBC to train tool developers for the future fight (DVIDS) FORT GEORGE G. MEADE, Md. – The 780th Military Intelligence (MI) Brigade (Cyber) has partnered with the University of Maryland Baltimore College (UMBC) Training Center to design a Tool Developers Qualification Course (TDQC) which produces computer programmers for the U.S. Army and the fourth class graduated on July 13 at the post theater.

Visually impaired students get taste of cyber careers at Cyber Summer Camp (Bossier Press-Tribune) A week-long cyber summer camp gave visually impaired high schoolers a taste of cyber curriculum and inspired them to pursue careers in the field. The July 16-20 camp culminated Friday at the Louisiana Association for the Blind’s Low Vision Rehabilitation Facility in Shreveport. Funded by L.A.B. and led by NICERC (National Integrated Cyber Education Research …

Legislation, Policy and Regulation

NSA Chief Forms Group to Counter Russian Threat (Bloomberg.com) Paul Nakasone, U.S. cyber commander and director of the National Security Agency, confirmed that he’s created a special task force to address Russian threats in cyberspace.

The Guardian view on cybersecurity: trust – but verify (the Guardian) Editorial: The use of Chinese-made equipment in Britain’s broadband infrastructure demands, and gets, careful scrutiny

Congress Ends Bid to Undo Trump Deal to Save China’s ZTE (Wall Street Journal) Congress abandoned a bipartisan attempt to undo President Donald Trump’s deal with Beijing to save Chinese telecommunications giant ZTE Corp.

Can Anything Stop Cyber Attacks? (Knowledge@Wharton) The U.S. must wake up to the seriousness of cyber attacks on its economy and way of life, experts said at the Penn Wharton Budget Model’s Policy Forum.

DHS official: States must be 'much more precise' when requesting election security funding (TheHill) The head of the Department of Homeland Security’s (DHS) cyber and critical infrastructure protection efforts said Friday that states must be "much more precise" in their election security funding requests to Congress.

Who Should Foot the Bill for a Secure Election System? (The Fiscal Times) In a party-line vote, House Republicans on Thursday blocked a Democratic effort to boost election security fundi

Litigation, Investigation, and Enforcement

Canada spies denied warrant to collect intelligence abroad (The Straits Times) The Canadian Security Intelligence Service (CSIS) cannot spy outside of Canada unless national security is clearly at risk, a federal court judge ruled, denying the agency a warrant to do so.. Read more at straitstimes.com.

Ecuador may be close to ejecting WikiLeaks founder Julian Assange from its London embassy (WFMY) Ecuador appears close to ejecting WikiLeaks' founder from embassy

Russian billionaire with U.S. investments backed alleged agent Maria Butina, according to a person familiar with her Senate testimony (Washington Post) Konstantin Nikolaev, a transportation magnate who was in Washington during President Trump’s inauguration, was in contact with Butina as she launched a gun rights group.

Slovak company joins forces with Europol’s cybercrime centre (Slovak Spectator) ESET’s researcher will represent the Slovak cyber-security company at the Europol advisory group on internet security.

The Clinton State Department’s Major Security Breach That Everyone Is Ignoring (The Daily Signal) The media virtually ignored an exchange between Rep. Louie Gohmert and the FBI's Peter Strzok that revealed a potential bombshell.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Insider Threat Program Development-Management Training Course (San Antonio, Texas, USA, September 17 - 18, 2018) Insider Threat Defense will hold its highly sought-after Insider Threat Program Development-Management Training Course, in San Antonio, Texas, on September 17-18, 2018. This two-day training course will provide the Insider Threat Program (ITP) Manager, Facility Security Officer, and others (CIO, CSO, CISO, Human Resources, IT, Network Security, Etc.) supporting an ITP, with the knowledge and resources (Templates, Checklits, Etc.) to develop, manage, or enhance an ITP. This training covers, and goes beyond compliance regulations for an ITP (National Insider Threat Policy, NISPOM Conforming Change 2). Insider Threat Defense is one of the few ITP training vendors to offer a guarantee with their training. Insider Threat Defense has provided training and services (In Over 14 U.S. States) to an impressive list of 540+business-organizations / 680+ security professionals.

National Insider Threat Special Interest Group (NITSIG) - Insider Threat Symposium & Expo (Laurel, Maryland, USA, October 19, 2018) The NITSIG will hold an Insider Threat Symposium & Expo (ITS&E), on October 19, 2018, at the Johns Hopkins University Applied Physics Laboratory, in Laurel, Maryland. This is a must attend event if you are involved in Insider Threat Program (ITP) Management or Insider Threat Risk Mitigation. We have some outstanding speakers lined up with hands-on experience: Insider Threat Risk Mitigation Subject Matter Experts, managing or supporting ITPs, who work for the US Government, Defense contractors and private sector businesses. The symposium and expo will focus on, and provide guidance on developing, managing or enhancing an Insider Threat Program (ITP) / ITP Working Group, ITP Unintended Impacts / Consequences / Challenges, Insider Threat Fraud, Employee Threat Identification and Mitigation, Employee User Activity Monitoring, Protecting Controlled Unclassified Information and more.

upcoming Events

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims to provide a creative and productive platform for professionals in the field of cyber security.

SINET61 2018 (Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to Cybersecurity challenges.

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, community college students interested in learning about security or expanding their current knowledge, and students attending the 3CS Pre-Summit Job Fair and National Cyber League (NCL) on Thursday, August 2nd.

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological Education Connections (BATEC), which are all funded by the National Science Foundation (NSF). The outcomes of 3CS leverage community college cybersecurity programs across the nation by introducing the latest technologies, best practices, curricula, products, and more.

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included, among others, the CEO of GM Mary Barra and the U.S. Secretary of Transportation Anthony Foxx, resulting in media coverage from The New York Times and The Wall Street Journal and attracting 500 attendees. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event.

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days of technical Trainings (August 4 – 7) followed by the two-day main conference (August 8 – 9) featuring Briefings, Arsenal, Business Hall, and more.

Audit Your Digital Risk (Washington, DC, USA, August 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in Q2 2017 were focused on manufacturing. It's likely you have a cybersecurity program and team in place, but do you know how to assess your level of risk? Audit Your Digital Risk is designed for cybersecurity and audit professionals, risk managers, and others focused on protecting a company's people, assets, and IP.

DefCon 26 (Las Vegas, Nevada, USA, August 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege. We only accept cash - no checks, no money orders, no travelers checks. We don't want to be a target of any State or Federal fishing expeditions.

CyberTexas 2018 (San Antonio, Texas, USA, August 14 - 15, 2018) The 2018 CyberTexas Conference will bring members of the CyberUSA community together with industry and government members of Texas to create long-term values for the cybersecurity ecosystem in San Antonio and the state of Texas. This conference is brought to you be the CyberTexas Foundation and the Federal Business Council (FBC), in conjunction with CyberUSA, and leaders from federal and local government agencies, industry, and academia. Key features of this conference include building on the four pillars of CyberUSA: Communication, Education, Innovation, and Workforce Development. Each topic will feature prominent speakers and panels from Texas and beyond to strengthen the cybersecurity ecosystem.

SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premiere Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection of Air Force IT experts, prominent IT academics, and some of America’s top cyber security companies, the AFITC offers a full of slate events and activities, with 3 days of speakers, expanded education/training opportunities, and an exhibitor-driven trade show that all revolves around the ways we can better defend America from cyber-attacks, advanced persistent threats, and proactively lead in this in this increasingly digital world.

The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will include five plenary sessions, where senior leaders from the intelligence and national security communities will discuss top priorities, challenges, and assessments of key threats, as well as nine breakout sessions that will examine issues of vital importance to our national wellbeing and the readiness of the intelligence and national security workforce.

Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently

Incident Response 18 (Arlington, Virginia, USA, September 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community, connections and change. IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve Incident Response processes. If you are interested in contributing to the event, your company can sponsor one of the exclusive innovation categories. Contact Sponsors@IncidentResponse.com for more information.

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) An opportunity to hear, meet, and interact with cybersecurity leaders from Government and industry.

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses within government and the private sector. This year's summit, like the previous eight, will bring together leaders from government and industry for a comprehenive look at the challenges of cybersecurity.

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.