The CyberWire Daily Briefing 5.1.18

Summary

By The CyberWire Staff

Mexico's central bank continues its investigation into a possible cyberattack against payment systems. Connections between the central bank and three financial institutions—two banks and a brokerage—appear to have been disrupted in a cyber incident.

SamSam ransomware continues its malign spread, rapidly propagating copies of itself across targeted enterprises.

Distil Networks' 2018 Bad Bot Report is out. The company's research finds that account takeover attempts jump by roughly 300% in the wake of a major, publicly announced breach.

Hackers are actively scanning for vulnerable Oracle WebLogic Servers, patched earlier this month. The patch proved incomplete, and the vulnerability was weaponized with unusual speed.

The recently patched Drupal vulnerability CVE-2018-7602 was also swiftly weaponized, and is being actively exploited in the wild.

Researchers at Computest report proof-of-concept hacking of in-vehicle infotainment systems in the Volkswagen Golf GTE and the Audi A3 Sportback. Exploitation could permit hackers to track the car.

Moscow-based security firm Gleg, which BoingBoing breathlessly calls a "cyber arms dealer," offers a subscription under which customers receive zero-days for healthcare-related software. The annual charge is $4000.

Motherboard points out that the zero-days are marketed for use in conjunction with penetration-testing, specifically with Immunity's Canvas tool. This isn't a black market operation, but it does highlight the very different perspectives circulating concerning disclosure of vulnerability research results. Gleg's Yuriy Gurkin gave the company's perspective on proper practice in an email to Motherboard: "To disclose is not an obligation."

Hirschmann has patched flaws Positive Technologies discovered in Hirschmann's ICS switches.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Canada, China, European Union, Russia, United Kingdom, and United States.

There's a better way to stop data loss. Learn more!

Data loss is a big problem. Every organization that deals with electronic data needs to have a data loss prevention strategy in place. ObserveIT’s white paper, Building a Strategy for the Post-DLP World, explores how organizations have been dealing with data loss to date, why these strategies are failing, and what a better path forward looks like. Get information you need to build a data loss prevention strategy that works for the modern organization. Download your free copy.

On the Podcast

In today's podcast, we hear from our partners at Terbium Labs, as Emily Wilson discusses recent takedowns of Reddit content. Our guest is Patrick Peterson from Agari, who describes Brand Indicators for Message Identification (BIMI), a proposed standard to better secure email.

Sponsored Events

HackNYC2018 (New York, New York, United States, May 8 - 10, 2018) Cyber attacks are often called non-violent or non-kinetic attacks, but the simple truth is that there is a credible capability to use cyber attacks to achieve kinetic effects. Kinetic Cyber refers to a class of cyber attacks that can cause direct or indirect physical damage, injury or death solely through the exploitation of vulnerable information systems and processes. Use code CWIRE20 for 20% off the $50.00 individual ticket price.

Third Annual Cyber Investing Summit 5/15/18 (Dallas, Texas, United States, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

Cyber Security Summits: May 15 in Dallas & Boston on June 5 (Dallas, Texas, United States, May 15, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, CenturyLink, IBM Security and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Mexico central bank says possible cyber attack targets payment systems (Reuters) Mexico's central bank said on Monday it was investigating an apparent attempt to hack into the payment systems of at least three local financial institutions, but no funds were stolen.

SamSam ransomware designed to inundate targeted networks with thousands of copies of itself (SC Media US) The SamSam ransomware campaign responsible for recently infecting the city of Atlanta, the Colorado Department of Transportation, and an array of health ca

Ransomware attack: a cautionary example from one small business (Security Boulevard) “You feel invaded and vulnerable. This was his business, his baby, and it could all be over because some hackers were after a bit of cash.”

Hackers target Oracle WebLogic Servers following botched patch (Computing) Oracle failed to fix the core security flaw on WebLogic Server with its latest patches, claim security specialists

Hackers Scan the Web for Vulnerable WebLogic Servers After Oracle Botches Patch (BleepingComputer) For more than a week hackers have started scanning the Internet, searching for machines running Oracle WebLogic servers. Scans started after April 17, when Oracle published its quarterly Critical Patch Update (CPU) security advisory.

Industroyer: An in-depth look at the culprit behind Ukraine's power grid blackout (ZDNet) Malware which speaks the language of industrial machines is a danger to all of our critical services.

Volkswagen and Audi Cars Vulnerable to Remote Hacking (BleepingComputer) A Dutch cyber-security firm has discovered that in-vehicle infotainment (IVI) systems deployed with some car models from the Volkswagen Group are vulnerable to remote hacking.

New Data Reveals Public Breaches Spur 300 Percent Increase in Account Takeover Attempts (Distil Networks) Distil Research Labs releases data uncovering the anatomy of account takeover attacks

The Anatomy of Account Takeover Attacks (Distil Networks) Bad bots are on every website with a login page. Even yours.

Why Legitimate Websites Move To The Dark Side With Cryptomining (Information Security Buzz) Check Point researchers have recently discovered a site that although once legitimate has now moved closer to the Dark Side. Back in 2011, OSDSoft was a site offering its audience free video download software to thousands of users around the world. Registered under the name of Ivan Koslov, it also had Facebook, Twitter and YouTube …

Spartacus ransomware: introduction to a strain of unsophisticated malware (Security Boulevard) Spartacus ransomware is a fairly new variant seen in 2018.

For $4k/year, Moscow cyber-arms-dealer Gleg will sell you 25 0-day bugs for attacking hospitals (Boing Boing) For $4k/year, Moscow cyber-arms-dealer Gleg will sell you 25 0-day bugs for attacking hospitals

This Russian Company Sells Zero-Day Exploits for Hospital Software (Motherboard) Moscow-based Gleg provides zero-day exploits for medical software, and those in the medical industry are concerned about disclosure. But the exploits themselves may not be all that important in real world attacks.

KnowBe4 Releases Q1 2018 Top-Clicked Phishing Report (PRWeb) KnowBe4, the world’s largest security awareness training and simulated phishing platform, today shared its Top 10 Global Phishing Email Subject Lines for Q1

Watch out for these top 5 cyber-attack vectors (TechRepublic) Agio CEO and founder Bart McDonough shares best practices for shutting down the most common and dangerous cyber-threats facing businesses and consumers.

iOS 11.3.1 Jailbreak Demonstrated at InfiltrateCon (iClarified) Tencent Keen Security Lab has demonstrated a jailbreak of iOS 11.3.1 at the Infiltrate Security Conference in Miami.

Can the Navy protect this ship from hackers? (Fifth Domain) The Department of Defense IG found cyber deficiencies in the Navy's Expeditionary Fast Transport program.

Look Out for Wave of New Cyberattacks, Warn Experts (PR Newswire) A wave of new cyberattacks is underway that uses fake internet ads to execute...

Security Patches, Mitigations, and Software Updates

Positive Technologies: Vulnerabilities In Hirschmann Switches Endanger Industrial Companies (Information Security Buzz) Attackers can interfere with interaction of ICS components German vendor Hirschmann, a Belden company, has published information about fixes for five vulnerabilities in network switches used in energy, chemical manufacturing, transportation, and other industries.

Drupal sites can be hacked by any visitor because of the code-execution bug (2Spyware) Drupal hacked for the second time in one month. Patch vulnerabilities immediately. It seems that websites are getting more and more vulnerable to cyber attacks

Speed at Which New Drupal Flaw Was Exploited Highlights Patching Challenges (Dark Reading) In the rush to patch, organizations can create fresh problems for themselves.

Microsoft is adding new security features to Microsoft 365 Business (Neowin) Microsoft today announced a number of security features for its Microsoft 365 Business suite of products, such as the ability to block emails from being forwarded, data protection policies, and more.

Firefox will get CSRF Protection (ISS Source) When Firefox 60 releases, it will introduce support for the same-site cookie attribute in an effort to protect users against cross-site request forgery (CSRF)

Cyber Trends

Beware of data crime to harm the consumer, warns former Sainsbury's CEO (Computing) Justin King has made a 35-year career of putting the customer before the data

Five questions on autonomous weapons and the future of war (C4ISRNET) Paul Scharre, a former U.S. Army Ranger who now heads a program at the Center for New American Security, discusses the roles for humans in future wars with autonomous weapons.

‘Army Of None’: A Clear-Eyed Look At The Rise Of Autonomous Weapons (Task & Purpose) Part historical survey, part ethics discussion, part science fiction, Paul Scharre’s 'Army of None' delivers a comprehensive look at autonomous weapons

Cylance® 2017 Threat Report Provides Insight Into Attacks Prevented With Artificial Intelligence (BusinessWire) Cylance Inc., the company that revolutionized endpoint security with true AI powered threat prevention, today released the Cylance 2017 Threat Report.

Michael Dell Says Robopocalypse Is Fake News, Future Is Software (SDxCentral) It’s a robopocalypse-versus-optimists battle for the future of technology, and during his Dell Technologies World 2018 keynote, Michael Dell said he’s an op

Phishing threats still dwarf vulnerabilities, zero-days (SearchSecurity) Email security vendor Proofpoint released its Human Factor 2018 report, which details how phishing threats are evolving and still beating enterprise defenses.

10 alarming cybersecurity facts (PC World) Here are ten things you need to know about modern cyber-security threats.

Companies rely on strength in numbers to fight cybercrime (Westfair Communications) A report by U.K.-based Juniper Research last year found that criminal data breaches could cost businesses worldwide a total of $8 trillion through 2022.

Marketplace

Why the U.S. Ban on ZTE Could Disrupt Telecom Supply Chains (Knowledge@Wharton) The U.S. ban on exports to China’s ZTE is justifiable, but a balance needs to be found to protect trade and technological development, experts say.

Publishers angered by Google's GDPR data-collection demands (Computing) Google is pushing its GDPR obligations onto publishers, claims leaked letter

WhatsApp co-founder Jan Koum resigns from Facebook after clashes over user data (Quartz) WhatsApp's other co-founder left Facebook in September.

Für Siemens auf Hackerjagd (Frankfurter Allgemeine) Natalia Oropeza soll den Konzern vor Netz-Kriminalität schützen. Dabei denkt sie schon einen Schritt weiter und will mit Hilfe einer neuen Idee präventiv gegen Hacker vorgehen.

Akamai results beat estimates as cloud security drives growth (Business Insider) Akamai Technologies Inc trounced Wall Street's estimates for first-quarter revenue and profit on Monday as its aggressive push to cloud security paid off and traditional business of speeding up content delivery on web stabilized.

SentinelOne To Take $100M In 2019 Revenue From Symantec (Forbes) I enjoy seeing startups take market share from big companies.

Dell’s investment arm puts its money on artificial intelligence (The Irish Times) Among its success stories are 11 exits including three stock flotations worth a collective $11bn

Dell's investment arm lauds Cylance backing after first year out of stealth mode | Channelnomics (Channelnomics) Dell Technologies Capital names Cylance success a highlight over last 12 months

DHS Startup Accelerator Awards Its First Final-Phase Contract (Nextgov.com) The department’s Silicon Valley Innovation Program is funding a system to protect video surveillance systems.

The Hive raises $26.5 mln third fund from Verizon Ventures, Software AG, GE, Rockwell Automation, March Capital, others (PE Hub) The Hive said it raised a $26.5 million third fund from investors including Verizon Ventures, Software AG, General Electric, Rockwell Automation, March Capital Partners and unnamed individuals.

Why Midwest Startups With Valley Connections Attract Funding (Forbes) A trend is emerging in venture capital that is good news for the Midwest startup ecosystem: Companies led by seasoned entrepreneurs who strategically opened major offices in both the Midwest and Silicon Valley attract funding from top-tier VC firms.

Unisys takes $250M TSA award with 'Stealth' solution (Washington Technology) Unisys' Stealth product creates huge price differential with competitor and nets the company a $250 million award to secure TSA passenger and baggage screening equipment.

ICF wins $51M in Air Force cyberspace work (Washington Technology) ICF takes a $51.7 million contract to carry out cyberspace support services for the Air Force’s Air Combat Command.

KnowBe4 Appoints Managing Director, EMEA (PR Newswire) Security awareness training expansion through Europe, Middle East and Africa to be helmed by Jeffrey de Graaf...

Margrith Appleby returns to run Kaspersky Lab across A/NZ (ARN) Margrith Appleby has been appointed as general manager of Kaspersky Lab across A/NZ, returning to the channel a year after leaving Lenovo.

The 13 Biggest D.C. Tech Hires to Know About from April (DCInno) Every month we recap the biggest tech hires and departures in the D.C. area. To get hiring and other local innovation news daily, sign up for The Beat. Here’s our list of the top hires in D.C. innovation for April...

Products, Services, and Solutions

GlobalPlatform Secures Biometric Authentication & Enriches Trusted User Interaction (Financial IT) GlobalPlatform, the standard for secure digital services and devices, has extended the functionality of its Trusted User Interface (Trusted UI) APIs.

Cyren Announces Enhanced Security through Microsoft Office 365 Integration (PR Newswire) Cyren (NASDAQ: CYRN) today announced it is working with Microsoft to...

AWS announces support for serverless containers on Kubernetes (Computing) Cloud giant weighs in to support Virtual Kubelet project originally kicked off by Microsoft,DevOps

O'Neil Digital Solutions Achieves HITRUST CSF® Certification to Further Mitigate Risk in Third Party Privacy, Security and Compliance (PR Newswire) O'Neil Digital Solutions, a recognized leader in technology-driven,...

Education Framework Recognized for Efforts to Protect Student Data Privacy (PR Newswire) Bend-based software company, Education Framework, has been recognized for...

DNotes Global CEO Alan Yong Discusses White Paper, Says Release of DNotes 2.0 Marks Start of Accelerated Push for Mass Adoption of Digital Currency (DNotes Global) DNotes Global, Inc. co-founder and CEO Alan Yong recently said that the release of DNotes 2.0 represents a “new phase” in the company’s efforts to achieve mass adoption of digital currency.

Technologies, Techniques, and Standards

A small agency’s framework of cyber standards has big role in cyber fight (Washington Examiner) A small federal agency in Gaithersburg, Md., has updated the seminal document underpinning how the government and industry should collaborate on cybersecurity — a key piece of President Trump’s strategy for securing federal networks.

Battling 'Cyber Fatigue' (BankInfo Security) "Cyber fatigue," the result of being constantly under attack, leads to security mistakes, says Richard Ford of Forcepoint, who discusses what can be done

Six cybersecurity questions to ask the C-suite now (IT Pro Portal) IT professionals can help business decision makers to understand the dimension of the cybersecurity challenge, and how to formulate appropriate solutions, by asking six straightforward questions.

Today's Cybersecurity 'Can't Be Successful With A Static Solution' (Forbes) Concerns for data protection within cyberspace are rising, especially as the cost of security spending increases while the amount of data loss incidents continues to grow.

Security awareness programs that work against human nature will fail (SearchCIO) Just because people are aware doesn't mean they care, explained KnowBe4 chief evangelist Perry Carpenter at last week's CDM CIO Boston Summit. He offered a crash course in human nature for CIOs as step No. 1 in improving security awareness programs.

Design and Innovation

Microsoft Wants to Secure IoT and ICS Devices With New TCPS Project (BleepingComputer) Microsoft engineers have started working on a new project codenamed TCPS —short for Trusted Cyber Physical Systems— that is intended to provide a hardened system for securing Internet of Things (IoT) and Industrial Control Systems (ICS) devices.

Quantum blockchain to use entanglement in time (Enterprise Times) There is a tricky chicken and egg situation here. It would be preferable if models for unbreakable quantum cryptography arrive before quantum computers. The demand for a quantum blockchain to use entanglement in time has many attractions.

Redesigning Security for Fog Computing with Blockchain (Embedded Computing Design) As more connected devices come into use across the industrial IoT (IIoT), traditional cloud computing architectures are no longer sufficient.

Hey Army: Here's A Damn Sensible Idea For The Future Of Cyber Warfare (Task & Purpose) If the Army wants to get serious about cyber warfare, it should put down roots among the private-sector companies of Silicon Valley

Research and Development

Australia releases new science and technology policy to strengthen national security (Devdiscourse) Today the Government released its new National security science and technology policy agenda aimed at strengthening Australia’s nation

IARPA Targets Carbon Security Risk (Meritalk) Users have the reputation of being the weakest link in cybersecurity, because of their potential to undo the most fortified cyber setup with an exposed password or absent-minded click in a phishing email. They’re the guy who forgets to lock one door in an otherwise secure building, or the kid who unwittingly reveals where the family keeps an emergency house key.

Academia

Miami Dade College and Cyberbit Announce New Cyber Range Training Facility to Expand Cyber Education (PR Newswire) Miami Dade College (MDC), the institution of higher education...

Norwich gets $170K NSA/NSF grant to host two GenCyber summer camps (Vermont Business Magazine) Vermont Business Magazine Norwich University has earned two grants totaling over $170,549 from the National Security Agency (NSA) and the National Science Foundation (NSF) to host two summer camps.

National Cyber League Team Performance Shows Growth of Cybersecurity at NDSU (Digital Journal) Students excel in cybersecurity competition, showing how much they've learned at NDSU

Legislation, Policy and Regulation

Rep. Ruppersberger’s 7 steps for better cyber oversight (Fifth Domain) The recommendations include evaluating the current cybersecurity structure within the Department of Homeland Security, as well as a cyber-specific budget hearing for FY19.

The Digital Vigilantes Who Hack Back (The New Yorker) American companies that fall victim to data breaches want to retaliate against the culprits. But can they do so without breaking the law?

Crackdown on abuse of UK businesses for foreign money laundering (GOV.UK) Reforms will ensure Scottish Limited Partnerships continue to be used as a legitimate vehicle for investment and enhance our world-leading business environment.

‘Push button’ captains in the Navy now one step closer to reality (Navy Times) The House Armed Services Personnel Subcommittee has included a proposal to allow military services the ability to directly commission highly skills cyber and scientific officers up to the rank of O-6.

Shrewd Operator and Controversial Adviser Takes the Reins at National Security Agency (Washington Diplomat) John Bolton, former U.S. ambassador to the U.N. under President George W. Bush and a controversial foreign policy commentator, officially started his duties as President Donald Trump’s third national security adviser on April 9.

Ex-CIA Director On National Security, Post-Truth 'Assault On Intelligence' (NPR.org) Michael Hayden's new book critiques the forces threatening the U.S. intelligence community, including President Trump, at a time he says the community's work has never been harder or more important.

Litigation, Investigation, and Enforcement

More detail on why DHS banned Kaspersky (FCW) A pair of filings in Kaspersky Labs' ongoing battle with the U.S. government fills in some of the blanks.

There was no Trump-Russia collusion, but Putin achieved his goal (TheHill) With help from James Clapper, Jim Comey and members of the media, Putin undermined faith in America's democratic process.

Former Autonomy CFO Sushovan Hussain found guilty of fraud in US court (Computing) Hussain to appeal conviction claiming key evidence was excluded from trial

UK High Court rules part of Snoopers' Charter incompatible with EU law (Help Net Security) The UK High Court has ruled that part of the Investigatory Powers Act 2016 (nicknamed Snoopers' Charter) is incompatible with European Union law and the European Convention on Human Rights and, therefore, unlawful.

City of London Police launches cyber security initiative (Financial News) Initiative is being launched at the Investment Association's first cyber security conference for the asset management industry

N.S. flags new round of alleged website breaches to police (CTVNews) Eleven fresh instances of 'unusual activity' on Nova Scotia's freedom-of-information website were detected after a young man allegedly breached the site in early March, the province confirmed Monday.

Ahhh, Smart Offices, Hot Coffee. But Watch Out for Legal Risks (Big Law Business) Like your coffee hot when you get to the office? Want the workplace temperature to self-adjust to the weather? If the answer is “you bet,” be aware that corporate legal risks can go hand in hand with the conveniences of internet-connected devices.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Dynamic Connections 2018 (Palm Springs, California, USA, June 12 - 14, 2018) Together with you, our customers and partners, we’ll come together for 2 ½ days to learn, explore and create the possible at Dynamic Connections 2018 (DC18). To get ahead of the most critical, most pervasive threat we face in the digital domain today, we must reach into the future and pull tomorrow’s innovation forward.

upcoming Events

Automotive Cybersecurity Summit 2018 (Chicago, Illinois, USA, May 1 - 8, 2018) Smart Vehicles. Smart Infrastructures. The 2nd annual Automotive Cybersecurity Summit brings together public and private-sector manufacturers, suppliers, assemblers, technology providers and V2X partners to discuss the increasingly complex and interdependent relationships between smart vehicles and ever-expanding smart infrastructures. The SANS Automotive Cybersecurity Summit was created to develop and foster a culture of cyber-awareness in organizations across the vehicle supply chain as we work together to understand risks, safeguard organizations, their products, and their customer from the evolving threat landscape.

Integrated Cyber (Laurel, Maryland, USA, May 1 - 2, 2018) Integrated Cyber is the premier cyber event bringing together the Integrated Adaptive Cyber Defense (IACD), Automated Indicator Sharing (AIS), and cyber information-sharing communities. This two-day event provides a forum for collaboration and technical exchange to support the adoption of integrated, automated cyber defenses across the cyber ecosystem. Expanded from the IACD Community Day, Integrated Cyber showcases government, industry, critical infrastructure, operations, and research perspectives. Integrated Cyber is hosted by the Johns Hopkins University Applied Physics Laboratory (JHU/APL), in collaboration with the National Security Agency (NSA) and the Department of Homeland Security (DHS). Our goal is to dramatically change the timeline and effectiveness of cyber defense via integration, automation, and information sharing.

Application of the Law of War to Cyber Operations (Washington, DC, USA, May 3, 2018) Cyber law experts meeting at the George Washington University will cover Title 10 vs. Title 32 vs. Title 50 and the lawful and operational restrictions related to these authorities. The panelists will discuss the legal processes of projecting power in the domain of cyberspace and what capabilities require legal review relating to Defensive Cyberspace Operations (DCO) -- both Internal Defense Measure (IDM) and Response Actions (RA) -- as well as Offensive Cyberspace Operations (OCO).

Global Cyber Security in Healthcare & Pharma Summit (London, England, UK, May 3 - 4, 2018) The number of cyber-attacks in healthcare is on the rise, and the industry must do more to prevent and respond to these incidents. The Global Cyber Security in Healthcare & Pharma Summit 2018 will bring together high-level representatives from around the globe to create a cybersecurity roadmap for the future. Attendees will come from all areas of cybersecurity for the healthcare, medical devices and pharmaceutical sectors. Experts will examine the cybersecurity landscape in these three industries, with a particular focus on strategies for protection and incident response, as well as on business/regulatory considerations. Central to the aims of this event is facilitating collaboration and cooperation amongst the diverse stakeholders that will be in attendance.

Decompiling the Government: Getting Technologists and Policymakers to Speak the Same Language (New York, New York, USA, May 3, 2018) This event brings together technologists and leading policymakers, lawyers, and journalists to bridge the gap between non-technical and technical cyber professionals and features Lisa Monaco, former Assistant to the President for Homeland Security and Counterterrorism and current Distinguished Senior Fellow at New York University Law School and Senior Fellow at Harvard’s Kennedy School of Government.

Secure Summit DC (Washington, DC, USA, May 7 - 8, 2018) (ISC)² Secure Summit DC will assemble the best minds in cybersecurity for two days of insightful discussions, workshops and best-practices sharing. The goal of the event is to equip security leaders to tackle today's threats, as well as arm them with the knowledge, tools and expertise to protect their organizations and advance their careers. Registered attendees will be immersed in two days of insightful, strategic cybersecurity knowledge.

HACKNYC (New York, New York, USA, May 8 - 10, 2018) The recent flood of data breach news may numb us to the threat of attacks with kinetic effects--direct or indirect physical damage, injury, or death. Hack NYC focus’ on our preparation for, and resilience to, the genuine potential for kinetic cyber attack. Be part of defining solutions and illuminate risks aimed at critical national Infrastructure. Hack NYC is about sharing big ideas on how we will fortify our daily life and economic vitality. The threat of attack aimed at Critical National Infrastructure is real as services supporting our communities and businesses face common vulnerabilities and an unspoken kinetic threat.

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, May 8 - 9, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

SecureWorld Kansas CIty (Kansas City, Missouri, USA, May 9, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cyber Ready 2018 Cybersecurity/Intel Conference (MacDill Air Force Base, Florida, USA, May 14, 2018) Major General Mike Ennis (USMC, ret), CIA National Clandestine Service's first Deputy Director for Community Human Intelligence (HUMINT), will deliver the keynote. The conference will also feature an all-audience tabletop simulation exercise by Professor of Law Amos N. Guiora, SJ Quinney School of Law, University of Utah, and a presentation on "Challenges in Cyber Education" by Daniel Stein, DHS Branch Chief for Cybersecurity Education and Awareness.

Cyber Investing Summit (New York, New York, USA, May 15, 2018) Now in its third year, the Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry, which is predicted to exceed $1 trillion in cumulative spending on products and services over the next five years from 2017 to 2021. Panels will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. Speakers include leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. Attendees will have the opportunity to network with key influencers in the investment and cyber security industries. A cocktail reception will be held following the presentations.

Third Annual Cyber Investing Summit (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

The Cyber Security Summit: Dallas (Dallas, Texas, USA, May 15, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Digital Utilitites Europe (Amserdam, the Netherlands, May 16 - 17, 2018) The conference will bring together key industry stakeholders to address the current challenges of the digitisation in the utilities sector. Join us in Amsterdam to hear latest business case studies and gain insight into technological advancements within the industry, as well as unique strategies utilised by to meet demands of rapidly changing energy consumer/prosumer market.

SecureWorld Houston (Houston, Texas, USA, May 17, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Ignite18 (Anaheim, California, USA, May 21 - 24, 2018) Palo Alto Networks' sixth annual conference features highly technical insights based on firsthand experiences with next-generation security technologies, groundbreaking new threat research, or innovative technical best practices. Don’t miss this outstanding opportunity to share your expertise with our Ignite community of distinguished security professionals and researchers.

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 22 - 23, 2018) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in technology and systems research and development. The agenda for 2018 focuses on: innovations in software engineering, advances in data security, blockchain impact on C4I, exploiting machine learning, collaborative community resilience, IoT impact on national security, understanding information warfare, innovations in IT acquisition, and disruptive mobility technology.

3rd Annual Nuclear Industrial Control Cybersecurity and Resilience Overview (Warrington, England, UK, May 22 - 23, 2018) Now in its 3rd year, the Cyber Senate Nuclear Industrial Control Cyber Security and Resilience Conference will take place on May 22/23rd in Warrington United Kingdom. This two day executive forum will include presentations, roundtable working groups and panel sessions. Together we will address the escalating cyber risk and resilience challenges associated with the adoption and convergence of operational technologies in enterprise facing architecture. Practitioners will gain further insight into how to best respond to evolving cyber threats, the importance of effective risk management throughout the nuclear supply chain, innovations in detection and mitigation, configuration management and how can we incorporate resilience into critical control system components and business process.

PCI Security Standards Council’s Asia-Pacific Community Meeting (Tokyo, Japan, May 23 - 24, 2018) Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018 Asia-Pacific Community Meeting is the place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

North American Financial Information Summit (New York, New York, USA, May 23, 2018) Data is the most vital asset of any financial services firm. With volumes increasing exponentially, and the complexity and structure continuously changing, it is more vital than ever to keep on top of EDM strategy and analytical capabilities, while of course remaining compliant. Join us for the only conference around to challenge your current data strategy and evaluate your technology investments. Have your voice heard at interactive workshop tables, learn from peers facing the same challenges at their respective firms, listen to the experts, hear their success stories, and meet 350+ senior decision makers over 5 networking breaks - all this for only one day out of the office!

SecureWorld Atlanta (Atlanta, Georgia, USA, May 30 - 31, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

RISKSEC (New York, New York, USA, May 31, 2018) Welcome to the 2018 New York City RiskSec Conference. As SC Media approaches our 30th anniversary, we fully understand the avalanche of cybersecurity-related problems, responsibilities and aspirations you face. Like no other time before, data security is crucial to you and your corporate executives. With an avalanche of massive data breaches that compromised millions of users’ data and cost senior-level executives their jobs and the endless other types of attacks that leveraged both new and traditional techniques, 2017 seemed yet another banner year for the infosec industry. We expect this year will be just as active as our attendees will face the challenge of both the criminal element and nation states stepping up their aggressive activities. On top of these, insider threats, supply chain vulnerabilities, regulatory demands and increasing dependence on IoT, AI, cloud apps, mobile devices and still other technologies will continue to convolute your tactical and strategic cybersecurity aims.

Cyber:Secured Forum (Denver, Colorado, USA, June 4 - 6, 2018) Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively developed by SIA and PSA Security Network’s education teams and will feature top cybersecurity leaders. Additionally, sponsor exhibits will help showcase solutions related to cybersecurity, integrated systems and physical security solutions.

Campaign Cyber Defense Workshop (Boston, Massachussetts, USA, June 4, 2018) The Campaign Cyber Defense Workshop brings together experts from the region’s industry, university, and government organizations to address campaign security and effective practices for maintaining campaign integrity -- covering everything from data security to countering reputation attacks.

Gartner Security and Risk Management Summit 2018 (National Harbor, Maryland, USA, June 4 - 7, 2018) Prepare to meet the pace and scale of today’s digital business at Gartner Security & Risk Management Summit 2018. Transform your cybersecurity, risk management and compliance strategies and build resilience across the enterprise through leading-edge research and thinking on key topics such as agile architectures, BCM, cloud security, privacy and securing Internet of Things (IoT).

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Payment system incident investigated. SamSam spreads. Account takeover tries. Weaponized patches. VW proof-of-concept hack.