The CyberWire Daily Briefing 7.24.18

Summary

By The CyberWire Staff

A vulnerability found in Bluetooth Secure Connections Pairing and Secure Simple Pairing can expose paired devices to man-in-the-middle attacks. You'd need to be within wireless range to exploit the vulnerability, but that's possible for a war driver or even an evil maid.

Speaking of evil maid attacks, where someone with physical access to an unattended machine compromises it, they've been regarded as interesting outliers, less common than other forms of attack, perhaps sufficiently time-consuming and complex to be regarded as relatively unlikely. Security firm Eclypsium has posted a demonstration video, however, that shows how a firmware backdoor could be installed in a laptop in under five minutes, which would leave the evil maids plenty of time to make the bed, empty the trash, and pocket the tip.

Trend Micro reports a spike in what appear to be Satori infestations that are using open Android Debug Bridge (ADB) ports to install themselves.

Microsoft's July patches include a patch of a patch—a zero-day fix made in May to a VBScript engine bug open to exploitation by Internet Explorer turned out not to fix things at all. But fixed now.

Security experts continue to expect renewed Russian attention to electrical power grids in the UK and the US, the period of relative restraint coinciding with the World Cup having ended when France edged Croatia.

Singapore continues to take the measure of the SingHealth breach. The attackers seemed principally interested in the Prime Minister's records, but they scooped up millions of others', too.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, European Union, India, Israel, Russia, Singapore, United Kingdom, United States

Find out what midsized enterprises are doing right to hit the cybersecurity “sweet spot.”

Despite having bigger budgets and greater resources, large enterprises aren't better protected from cyberattacks than are their smaller counterparts. The sweet spot for cybersecurity is found among midsized businesses, which testing finds performed best at protecting their assets and mitigating their security risks. That's the conclusion of Coalfire's inaugural Coalfire Penetration Risk Report, based on more than 300 penetration tests in 148 companies worldwide. Download the report to gather data-driven insights and make informed decisions based on Coalfire’s innovative analysis.

On the Podcast

In today's podcast, we speak with our partners from Terbium Labs, as Emily Wilson shares her experience attending a conference for professionals working to fight fraud. Our guest, Brian Martin from Risk Based Security, discusses what they found when they looked into the Click2Gov service.

And Recorded Future's latest podcast, produced in cooperation with the CyberWire, is also up. The topic this week is securing your firmware, that system-level code that runs deep within the devices you rely on every day.

Sponsored Events

Billington Automotive Cybersecurity Summit (Detroit, Michigan, United States, August 3, 2018) Top automotive executives and government representatives will detail the latest cybersecurity threats and best safety practices at the second Billington Automotive Cybersecurity Summit on Aug. 3 at Cobo Center in Detroit. In the age of connected and autonomous cars, cybersecurity is a top priority for automakers and their suppliers.

XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 4 - 9, 2018) Visit XM Cyber at the Innovation City, booth IC2233, to experience the first fully automated APT simulation platform to Simulate, validate and remediate every hacker’s path to organizational critical assets.

Schedule a meeting with Terbium Labs at Black Hat. (Las Vegas, Nevada, United States, August 8 - 9, 2018) Matchlight by Terbium Labs is the world's most comprehensive and only fully private dark web monitoring solution, capable of quickly detecting compromised account data and minimizing the damage caused by a data breach. Book a 1:1 session with Terbium Labs' leadership team to learn how Matchlight can help your organization assess its sensitive data exposure on the dark web.

CyberTexas Job Fair, August 14, San Antonio visit ClearedJobs.Net for details. (San Antonio, Texas, United States, August 14, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the CyberTexas Job Fair, August 14 in San Antonio. Meet leading cyber employers including Bank of America, USCYBERCOM, USAA and more.

Cyber Security Summits: August 29 in Chicago & in NYC on September 25 (Chicago, Illinois, United States, August 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The NSA, Darktrace, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Wombat Wisdom Conference, September 18 to 20, 2018, Pittsburgh, PA. (Pittsburgh, Pennsylvania, United States, September 18 - 20, 2018) Gain expert insights for strengthening your security awareness program at the Wombat Wisdom Conference, Sept. 18-20, 2018. Ideal for CISOs and infosec professionals looking to share ideas and actionable concepts for improving security awareness and training.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Singaporeans left reeling after cyber attack strikes 1.5 million people (OpenGovAsia) Police investigations note hackers specifically and repeatedly targeted Prime Minister Lee Hsien Loong’s personal information - opengovasia.com

Russian Hackers Reach U.S. Utility Control Rooms, Homeland Security Officials Say (Wall Street Journal) Hackers working for Russia claimed “hundreds of victims” last year in a long-running campaign that put them inside the control rooms of U.S. electric utilities where they could have caused blackouts, federal officials said.

Russian cyber attack fear now the World Cup is over (Express.co.uk) BRITAIN should be on guard for a Russian cyber attack now the World Cup and Trump-Putin summit are over.

Critical Start Uncovers Security Vulnerability In VMware NSX SD-WAN By Velocloud (PRNewswire) Critical Start's Section 8 Penetration Testing Team Discovered Unauthenticated Command Injection Vulnerability Affecting Routers, Switches and Firewalls

Bluetooth vulnerability allows snooping of traffic between paired devices (Help Net Security) The Bluetooth CVE-2018-5383 flaw could be exploited by attackers to monitor and fiddle with the traffic between two connected devices.

The Bluetooth “device snooping bug” – what you need to know (Naked Security) “Curiouser and curiouser,” said Alice. “I wonder what all these security bulletins are for?”

Watch a Hacker Install a Firmware Backdoor on a Laptop in Less Than 5 Minutes (Motherboard) This demo shows that “evil maid attacks,” hacks where an attacker has physical access to a target computer, are not as complicated as you may think.

Millions of IoT devices vulnerable to decade-old DNS rebinding attacks (CSO Online) Researchers warned that 496 million smart devices used by enterprises and in homes are vulnerable to DNS rebinding attacks.

New Spectre-Level Flaw Targets Return Stack Buffer (Threatpost) The most recent Spectre-class flaw targets a component in CPUs called the return stack buffer.

Gmail s new Confidential Mode Feature is Entirely a New Route to Phishing Attacks DHS (BW CIOWORLD) The tool could make it easier for cybercriminals to pretend to be someone else

Open ADB Ports Being Exploited to Spread Possible Satori Variant in Android Devices (TrendLabs Security Intelligence Blog) Recently, we found a new exploit using port 5555 after detecting two suspicious spikes in activity on July 9-10 and July 15. In this scenario, the activity involves the command line utility called Android Debug Bridge (ADB), a part of the Android SDK that handles communication between devices that also allows developers to run and debug apps on Android devices.

Names and photos of Venmo ‘drug buyers’ published on Twitter (Naked Security) The bot scraped Venmo’s public API for sex, drugs and alcohol-related words, then tweeted profile photos and first names of the “buyers.”

Phishing in the Deep End: The Growing Threat of Attacks Beyond Email (Infosecurity Magazine) The primary target has now become the unsuspecting person using these devices and systems.

Despite Flashy Attacks, Healthcare Ransomware Attacks Decline (HealthITSecurity) Even with some well-publicized ransomware attacks against healthcare organizations this year, healthcare ransomware attacks are on the decline.

Cryptocurrencies Criminal Activities - A Multi Billion Industry (FX Empire) Criminal activities tied to cryptocurrencies are on the rise. According to CipherTrace, a developer of forensic tools and services for blockchain, the amount of money laundering through illegal cryptocurrency trading activity could hit the $1.5 billion mark before the end of the year.

Software is Achilles Heel of Hardware Cryptocurrency Wallets (Dark Reading) Upcoming Black Hat talk will detail software vulnerabilities that can put private cryptocurrency wallets and currency exchange services at risk.

Security Patches, Mitigations, and Software Updates

Why your website is officially ‘not secure’ from today (Naked Security) Chrome will mark all HTTP sites as “not secure” starting on Tuesday – an important milestone on the road to HTTPS everywhere.

IBM fixes flaw that let hackers replace its serverless code with their own (HackRead) IBM has fixed a vulnerability which if exploited could allow remote malicious hackers to replace company's serverless code with their own.

That IE Zero-Day From May Needed a Second Patch in July (BleepingComputer) The July Patch Tuesday that was delivered two weeks ago included a second patch for an Internet Explorer zero-day discovered and initially fixed by Microsoft in May.

If at first you, er, make things worse, you're probably Microsoft: Bug patch needed patching (Register) VBScript hole 'fixed' in May actually left open for months

FIX: Bitdefender won’t auto update on Windows 10 (Windows Report) If your Bitdefender antivirus fails to install the latest updates on your PC, read this guide to learn how you can fix the issue.

Verizon LG V30, Moto Z2 Force Updated With July Security Patch (Droid Life) Verizon is pushing the July security patch out to owners of the LG V30 and Moto Z2 Force. For V30 owners, look to see software version VS99620e following the update, while Z2 Force owners can expect to find ODXS27.109-34-14 after updating. Nothing else is listed in the changelogs, so if you own...

WhatsApp limits message forwarding in response to lynchings (Naked Security) New restrictions in the WhatsApp messaging app are designed to combat a spate of mob lynchings.

Facebook, Google, Microsoft and Twitter make leaving easier (Naked Security) The Data Transfer Project will allow users to move their data easily between participating services.

Cyber Trends

Securing the supply chain (CrowdStrike) 1,300 senior IT decision makers and IT security professionals were interviewed in April and May 2018 split in the following ways...

Security concerns around the rapidly growing use of the Industrial Internet of Things (Help Net Security) Learn about the challenges of protecting IIoT, a subset of the IoT focusing on the application of connected physical devices within critical infrastructure.

Privacy pros gaining control of technology decision-making over IT (Help Net Security) TrustArc and IAPP announced the results of new research that examined how privacy technology is bought and deployed to address privacy and data protection

Beware the botnet lurking unseen on your computer (Irish Examiner) In the ever-growing realm of cybercrime, the botnet is another technology villain to give all computer users sleepless nights.

Cyberattacks the number one external threat to Aussie businesses: report (CRN Australia) A third of companies surveyed don't have a cybersec plan in operation.

Marketplace

Nakasone: Why DOD needs to engage industry despite controversy (FCW) NSA Director and U.S. Cyber Command head Gen. Paul Nakasone said that engagement with the private sector is paramount even when there’s reticence.

Quantum computing revenue to hit $15 billion in 2028 due to AI, R&D, cybersecurity (Help Net Security) Total quantum computing revenue generated from quantum computing services will exceed US$15 billion by 2028, forecasts ABI Research.

IBM wants everyone to marvel at the size of its Strategic Imperatives (Register) But Wall St thinks mainframe is what's perking up numbers

Alphabet shrugs off EU’s record €4.3bn fine (Times) Google’s owner smashed Wall Street’s forecasts with its second-quarter results last night to put its shares on course for an all-time high today. Alphabet confirmed that it took a $5.1 billion...

Siemplify Raises $14 Million as Market for Security Orchestration Accelerates (Siemplify) Siemplify, the leading innovator in security orchestration, automation and response (SOAR) announced it raised $14 million in Series B funding to further capitalize on explosive SOAR market demand.

Accenture forms alliance and invests in Ripjar (Help Net Security) Accenture’s new alliance with Ripjar to enhance client solutions in public safety, financial crime, and prevention and detection of cyberattacks.

Mergers: Commission opens in-depth investigation into proposed acquisition of Gemalto by Thales (Europa) The European Commission has opened an in-depth investigation to assess the proposed acquisition of Gemalto by Thales under the EU Merger Regulation. The Commission is concerned that the merger could lead to higher prices and reduce choice and innovation for customers

Verint merger talks with Israel's NSO Group terminated: source (Reuters) Talks for U.S. software company Verint Systems to merge its security division with Israeli cyber surveillance firm NSO Group for about $1 billion have ended without a deal being reached, a source close to the negotiations said on Monday.

Dave Wajsgras: Raytheon in ‘Full Operational Mode’ on $1B DHS DOMino Cyber Contract (ExecutiveBiz) Dave Wajsgras, president of Raytheon’s intelligence, information and services business, told Federal News Radio executive editor Jason Miller in an interview published Friday that the company is now in a “full operational mode” on a potential five-year, $1 billion cybersecurity contract with the Department of Homeland Security. He said the Development, Operations and Maintenance contract...

DFLabs to Discuss How to Overcome Shortage of Skilled Security Operations Staff at SANS SOC Summit (BusinessWire) DFLabs cyber security training expert to explain how to overcome shortage of skilled security operations staff using knowledge transfer best practices

The new Neustar has a new CEO — and it's vacating some office space (Washington Business Journal) Information services company Neustar has appointed private equity executive Charles Gottdiener as CEO, replacing Lisa Hook, who has led the company for nearly a decade.

F5 Networks appoints Michel Combes to board of directors (Help Net Security) F5 Networks appoints Michel Combes, CEO of Sprint, to its board of directors. Combes has experience in the telecommunications and technology industries.

Products, Services, and Solutions

NSS Labs Expands 2018 NGFW Group Test with SSL/TLS Security and Performance Test Reports (NSS Labs) 10 Leading NGFW Products Tested for SSL/TLS Cipher Functionality and Performance

Corelight Earns FIPS 140-2 Certification for Full Portfolio of Network Sensors (GlobeNewswire News Room) Corelight Helps Public Sector Organizations and Institutions to defend themselves against attackers by providing complete network visibility: the ‘right data at the right time.’

Flashpoint Introduces Threat Response & Readiness Subscription (Flashpoint) Flashpoint, the global leader in Business Risk Intelligence (BRI), has today unveiled its new Threat Response & Readiness Subscription, a planning and preparedness service that …

A New Anti-Virus App Uses Artificial Intelligence to Protect Your Computer (KTLA) A look at Cylance Smart Antivirus software, which uses artificial intelligence and machine learning in an effort to protect your computer better than traditional programs.  A company named Cylance is bringing it's effective approach to anti-virus protection to the masses with a new consumer version of its software. Previously, it was only available to businesses. Cylance Smart Antivirus uses artificial intelligence and machine learning to protect your system in a totally new way.

CloudBees launches Kubernetes application on Google Cloud Platform Marketplace (Help Net Security) CloudBees offers enterprises a way to run their software delivery pipelines on-premise and in the cloud by leveraging Google Cloud Platform and Kubernetes.

RedLock announces innovations and adoption for Google Cloud Platform (Help Net Security) RedLock Cloud 360 platform features enable security visibility into Google Cloud Platform, network monitoring, and compliance with mandates.

Estonia's Guardtime develops cybersecurity solution for US elections (ERR) Estonian software security company Guardtime in cooperation with Swiss security technology company SICPA has developed a new election security solution for US elections which will offer blockchain-enabled protection of voter registries.

Technologies, Techniques, and Standards

Securing the supply chain: Organizations need best practices in proactive security (Help Net Security) CrowdStrike announced the results of its global supply chain survey, Securing the Supply Chain, produced by research firm Vanson Bourne. The study

Geographic Normalization of Web Attack Data (Akamai) Data without context is arguably useless. If some variable of interest has a strong and inherent relationship with another, little understanding of the system can be gained if that relationship isn't considered. This consideration is just as...

Google hasn’t suffered an employee phishing compromise in over a year (Naked Security) Phishing attackers have failed to compromise a single employee account at Google since the company mandated authentication using U2F hardware tokens in early 2017. That’s the remarkable claim made …

Google: Security Keys Neutralized Employee Phishing (KrebsOnSecurity) Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.

The evolution of email fraud: Risks and protection tips (Help Net Security) Marc Chouinard, Email Security Operations Lead at Vircom talks about email fraud, BEC scams, and the evolution of email threats.

Is paying the ransom worth it? (Peerlyst) Even as cryptojacking malware becomes more common than ransomware, ransomware is still going strong and hurting both consumers and enterprises

Security: The job sucks (CIO Dive) But with the right steps, this job doesn't have to suck. Keep the lines of communication open, find signals and anomalies that matter and advocate for security experts everywhere.

How U.S. intelligence agencies can find out what Trump told Putin (POLITICO) A top-secret Special Collection Service has extraordinary capabilities to hoover up intel from foreign adversaries.

Design and Innovation

Microsoft, Google, Facebook, Twitter Launch Data Transfer Project (Dark Reading) The open-source Data Transfer Project, intended to simplify and protect data transfer across apps, comes at a sensitive time for many of the participating organizations.

Just Eat's first CISO is building security in from the ground up (Computing) Kevin Fielder, CISO of food delivery service Just Eat, is using gamification and automation to bring security to the forefront

Science Fiction Is Not Social Reality (Motherboard) The tech industry is inspired to create our world from linear, scripted science fiction stories.

Why Is Google Translate Spitting Out Sinister Religious Prophecies? (Motherboard) Google Translate is moonlighting as a deranged oracle—and experts say it’s likely because of the spooky nature of neural networks.

Research and Development

DARPA dedicates $75 million (to start) into reinventing chip tech (TechCrunch) The Defense Department's research arm, DARPA, is throwing a event around its "Electronics Resurgence Initiative," an effort to leapfrog existing chip tech by funding powerful but unproven new ideas percolating in the industry. It plans to spend up to $1.5 billion on this over the years, of which ab…

DHS S&T Awards $200K to British Columbia Startup to Improve Security of IoT Devices (Newswise) The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced a $200,000 award today to Plurilock Security Solutions, Inc. to develop an identity management (IdM) platform to improve the security capabilities of smart devices, sensors and other devices that connect and operate across the cybersphere.

Legislation, Policy and Regulation

New leader wants Cyber Command to be more aggressive (Fifth Domain) The head of Cyber Command has laid out an approach of continuous engagement with competitors in cyberspace.

America's in a cyberwar and 'I am not convinced we're winning,' former House intel chair says (CIO Dive) There's a machine learning arms race taking place between system defenders and hackers, and the advantage boils down to who has the most training data.

Analysis | The Cybersecurity 202: 'We have to work together.' Government struggling with sharing cyberthreat information, officials say (Washington Post) There's a long road ahead to successful public-private cooperation.

DOJ to publicly disclose election tampering schemes (Naked Security) Under a new policy, US organizations and individuals will be told if they’re the target of foreign operations trying to influence elections.

AG Balderas Leads Coalition of 21 Attorneys General Urging Congress to Protect the Integrity of Our Elections (Yuba Net) Today, Attorney General Hector Balderas led a bipartisan coalition of 21Attorneys General in urging congressional leaders to improve American cyber security and protect the integrity of the upcoming 2018 midterm election, and elections to come, against cyberattacks and infiltrations like the ones committed by Russia in 2016.

Analysis | The Cybersecurity 202: Justice Department to mount another encryption push despite setbacks (Washington Post) Buckle up.

Your Gov Needs You To Help Develop the UK Cybersecurity Profession (Infosecurity Magazine) Consultation has begun on a new Government-sponsored cybersecurity profession standard

Litigation, Investigation, and Enforcement

GCHQ's mass surveillance ruled illegal by Investigatory Powers Tribunal (omputing) Telecoms companies didn't bother checking whether data demands from GCHQ were lawful

Trump again reverses course on Russian interference, calls it ‘all a big hoax’ (Washington Post) In an evening tweet, the president once more muddied the waters on whether he thinks Russia meddled in the 2016 campaign.

Trump calls for end of Mueller probe, saying it’s ‘discredited’ by Carter Page surveillance (Washington Post) In a series of tweets, the president falsely claimed that the special counsel’s investigation was prompted by the surveillance.

Analysis | Kirstjen Nielsen’s claim that U.S. election systems weren’t targeted to favor Trump (Washington Post) The Homeland Security secretary left out that Russians apparently gained access to U.S. election systems and stole 500,000 voter records in one state.

Trump, citing politics, looking to revoke security clearances (CNN) President Donald Trump is considering stripping a half-dozen former national security officials of their security clearances, White House press secretary Sarah Sanders said Monday, calling their public commentary about the ongoing Russia probe inappropriate.

Surrey Police Take £1m+ in Digital Currency for Government Coffers (Infosecurity Magazine) Officers seized the Bitcoin from Latvian criminal

City of London Police Launches Cryptocurrency Training (Infosecurity Magazine) Officers get new courses to improve their cyber-skills

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M (KrebsOnSecurity) Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its insurance provider for refusing to fully cover the losses.

24 people have now been sentenced in India-based phone-scam case (Ars Technica) After pleading guilty, a new group of 21 defendants was recently sentenced.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

IP Expo Europe (London, England, UK, October 3 - 4, 2018) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe is co-located at Digital Transformation EXPO which incorporates Cyber Security X, Developer X, AI-Analytics X, Internet of Things X and Blockchain X.

upcoming Events

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims to provide a creative and productive platform for professionals in the field of cyber security.

SINET61 2018 (Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to Cybersecurity challenges.

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, community college students interested in learning about security or expanding their current knowledge, and students attending the 3CS Pre-Summit Job Fair and National Cyber League (NCL) on Thursday, August 2nd.

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological Education Connections (BATEC), which are all funded by the National Science Foundation (NSF). The outcomes of 3CS leverage community college cybersecurity programs across the nation by introducing the latest technologies, best practices, curricula, products, and more.

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included, among others, the CEO of GM Mary Barra and the U.S. Secretary of Transportation Anthony Foxx, resulting in media coverage from The New York Times and The Wall Street Journal and attracting 500 attendees. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event.

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days of technical Trainings (August 4 – 7) followed by the two-day main conference (August 8 – 9) featuring Briefings, Arsenal, Business Hall, and more.

Audit Your Digital Risk (Washington, DC, USA, August 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in Q2 2017 were focused on manufacturing. It's likely you have a cybersecurity program and team in place, but do you know how to assess your level of risk? Audit Your Digital Risk is designed for cybersecurity and audit professionals, risk managers, and others focused on protecting a company's people, assets, and IP.

DefCon 26 (Las Vegas, Nevada, USA, August 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege. We only accept cash - no checks, no money orders, no travelers checks. We don't want to be a target of any State or Federal fishing expeditions.

CyberTexas 2018 (San Antonio, Texas, USA, August 14 - 15, 2018) The 2018 CyberTexas Conference will bring members of the CyberUSA community together with industry and government members of Texas to create long-term values for the cybersecurity ecosystem in San Antonio and the state of Texas. This conference is brought to you be the CyberTexas Foundation and the Federal Business Council (FBC), in conjunction with CyberUSA, and leaders from federal and local government agencies, industry, and academia. Key features of this conference include building on the four pillars of CyberUSA: Communication, Education, Innovation, and Workforce Development. Each topic will feature prominent speakers and panels from Texas and beyond to strengthen the cybersecurity ecosystem.

SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premiere Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection of Air Force IT experts, prominent IT academics, and some of America’s top cyber security companies, the AFITC offers a full of slate events and activities, with 3 days of speakers, expanded education/training opportunities, and an exhibitor-driven trade show that all revolves around the ways we can better defend America from cyber-attacks, advanced persistent threats, and proactively lead in this in this increasingly digital world.

The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will include five plenary sessions, where senior leaders from the intelligence and national security communities will discuss top priorities, challenges, and assessments of key threats, as well as nine breakout sessions that will examine issues of vital importance to our national wellbeing and the readiness of the intelligence and national security workforce.

Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently

Incident Response 18 (Arlington, Virginia, USA, September 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community, connections and change. IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve Incident Response processes. If you are interested in contributing to the event, your company can sponsor one of the exclusive innovation categories. Contact Sponsors@IncidentResponse.com for more information.

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) An opportunity to hear, meet, and interact with cybersecurity leaders from Government and industry.

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses within government and the private sector. This year's summit, like the previous eight, will bring together leaders from government and industry for a comprehenive look at the challenges of cybersecurity.

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

CornCon IV: Quad Cities Cybersecurity Conference & Kids' Hacker Camp (Davenport, Iowa, USA, September 7 - 8, 2018) CornCon is a 2-day conference held in Davenport, Iowa including a professional development workshop on Friday and a full-day cybersecurity conference on Saturday. The workshop covers enterprise risk, privacy and security. The conference has a keynote track with top international speakers, and a technical track with cutting edge exploits, demos and presentations. There will be a hacker village, vendor expo, contests, t-shirts, food drinks and a great after party. There is also a Saturday kids' hacker camp running alongside the conference. "A little DEFCON in a corn field!"

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.