The CyberWire Daily Briefing 5.15.18

Summary

By The CyberWire Staff

Researchers report a vulnerability in the way email clients render content encrypted with the widely used PGP and S/MIME protocols. Jettisoning them, as some advise, is thought by many to be unwise. See their linked comments below for discussion. And, obviously, keep your email clients updated.

The Netherlands will ban Kaspersky products from government networks. Huawei's partnership with Chinese authorities to establish surveillance networks covering Xinjiang province arouses concerns internationally about the company's products. The US Administration's gesture of a lifeline for ZTE draws criticism from those who see ZTE as a security threat, and not merely a sanctions-evader.

Advocacy group Access Now says it's found evidence Turkey's government is using FinFisher spyware tools against dissidents.

The New Scientist reports that the University of Cambridge's Psychometrics Centre culled data from the now notorious Facebook personality quiz, myPersonality, and shared it with hundreds of researchers over a period of four years. Some three-million individuals were affected. The data were poorly secured and imperfectly anonymized. This is the same data collection project whose results were used by now-defunct Cambridge Analytica.

Adobe yesterday patched forty-seven vulnerabilities in Acrobat and Reader. Samsung also patched, stopping six critical bugs in its handsets.

Some welcome good news: researchers at the University of Florida have tested a method of detecting cloned, fraudulent gift cards at the point of sale by the unstable "jitter" cloning introduces. Similar techniques could be applied to cloned ATM cards.

Crooks are phishing for Apple credentials. Their bait is a GDPR "hardening" offer.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, China, Denmark, European Union, Germany, Republic of Korea, Mexico, Netherlands, Russia, Taiwan, Turkey, United Kingdom, and United States.

Dragos unveils dashboard of ICS-focused threat groups.

The Dragos Intelligence Team tracks a number of industrial-focused activity groups aimed to exploit, disrupt, and potentially destroy industrial systems globally. Each week in May, Dragos will release new content discussing these adversary details that can be read here.

On the Podcast

Today's podcast we speak with our partners at the University of Maryland Center for Health and Homeland Security, as Ben Yelin talks about the Microsoft overseas data storage case that went to the US Supreme Court. Our guest is John Grimm from Thales eSecurity on their Global Encryption Trends.

Sponsored Events

Third Annual Cyber Investing Summit 5/15/18 (Dallas, Texas, United States, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

Cyber Security Summits: May 15 in Dallas & Boston on June 5 (Dallas, Texas, United States, May 15, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, CenturyLink, IBM Security and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Startup CEO: Managing a Legal Team for Fun & Profit (Fulton, Maryland, United States, May 31, 2018) DataTribe's Al Clark will share his expertise in providing legal counsel to local tech startups. He'll answer questions on how to gain the most out of and what to look for in legal counsel that will lead to a relationship of lowering risk and saving money. Food and beverages are provided.

Selected Reading

Dateline

BC-BUSINESS (Virginian-Pilot) Keiser Report Co-Hosts Stacy Herbert &amp; Max Keiser to Host Digital Currency Breach Protection Panel at the Third Annual Cyber Investing Summit

Cyber Attacks, Threats, and Vulnerabilities

Turkey's Government Tried to Hack Hundreds of Protesters Over Twitter, Researchers Say (Motherboard) A new report details a widespread campaign targeting several Turkish activists and protesters, using the infamous government malware made by FinFisher.

Turkey used German spy software on opposition politicians and activists (Deutsche Welle) Opposition protesters in Turkey were reportedly deceived into downloading a spy app made by a German firm. Germany has previously vowed to block exports of spy software to authoritarian countries.

European spy chiefs warn of hybrid threats from Russia, ISIS (Fifth Domain) European intelligence chiefs warned Monday that Russia is actively seeking to undermine their democracies by disinformation, cyberattacks and more traditional means of espionage.

Inside a Russian company's election meddling (USA TODAY) A USA TODAY Network analysis of the company's Facebook ads...

Targeting power grid is too easy, Energy Department says (Washington Examiner) Energy Secretary Rick Perry warned Monday that the electric grid is easier to attack than ever as he issued a comprehensive cybersecurity strategy.

Thieves suck millions out of Mexican banks in transfer heist (Reuters) Thieves siphoned hundreds of millions of pesos out of Mexican banks, including No. 2 Banorte, by creating phantom orders that wired funds to bogus accounts and promptly withdrew the money, two sources close to the government's investigation said.

Hackers steal up to 400 million pesos from banks in cyber attack (Mexico News Daily) They used hundreds of false orders to make transfers of hundreds of thousands of pesos to fake accounts in other banks.

Hackers Divert Funds From Mexico Banks, Amount Unclear: Official (SecurityWeek) Hackers have stolen an unknown amount of money from banks in Mexico in a series of cyber attacks on the country's interbank payments system, an official said Monday.

New PowerShell Backdoor Discovered (SecurityWeek) The recently detected PowerShell backdoor called PRB-Backdoor can steal information and execute various commands on the infected machines.

Popular encrypted email standards are unsafe: researchers (Reuters) European researchers have found that the popular PGP and S/MIME email encryption standards are vulnerable to being hacked and they urge users to disable and uninstall them immediately.

Email encryption systems 'irreparably broken': German researchers (Deutsche Welle) The two common types of email encryption are not as secure as previously thought, German researchers have found. Both Windows and Apple users could be affected by the "Efail" problem.

Attention PGP Users: New Vulnerabilities Require You To Take Action Now (Electronic Frontier Foundation) UPDATE (5/14/18): More information has been released. See EFF's more detailed explanation and analysis here.A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team,...

Users Warned of Critical Email Encryption Security Flaw (BleepingComputer) A team of nine academics is warning the world about a critical vulnerability in the OpenPGP and S/MIME email encryption tools. The flaw, if exploited, allow an attacker to decrypt sent or received messages, according to the researcher team.

Encrypted Email Has a Major, Divisive Flaw (WIRED) An attack called eFail overcomes the protections of encrypted email standards PGP and S/MIME.

People Are Freaking Out That PGP Is ‘Broken’—But You Shouldn’t Be Using It Anyway (Motherboard) Hackers that can intercept your encrypted emails, or steal your emails from your computer or a server, may be able to decrypt them taking advantage of new vulnerabilities found in the way some email clients treat HTML.

Misleading Advice Following the Efail PGP Vulnerability: Encryption is Better than no Encryption (Benzinga) Synack CTO and Co-Founder Mark Kuhr analyzes the reported PGP vulnerability "Efail" and the guidance given to consumers from the research group who discovered the vulnerability....

'EFAIL' Email Encryption Flaw Research Stirs Debate (Dark Reading) A newly revealed vulnerability in email encryption is a big problem for a small subset of users.

Despite Efail, the sky is not falling (Graham Cluley) The Efail attack on encrypted emails is sneaky, but it doesn’t seem to be all that it’s hyped up to be.

Cyber attack hits Danish rail network (Local) Danish state rail operator DSB was the victim of an unprecedented DDoS cyber attack, the company confirmed on Monday.

A Deep Dive Into RIG Exploit Kit Delivering Grobios Trojan (Security Boulevard) As discussed in previous blogs, exploit kit activity has been on the decline since the latter half of 2016.

StalinLocker Deletes Your Files Unless You Enter the Right Code (BleepingComputer) A new wiper called StalinLocker, or StalinScreamer, was discovered by MalwareHunterTeam that gives you 10 minutes to enter a code or it will try to delete the contents of the drives on the computer. While running, it will display screen that shows Stalin while playing the USSR anthem & displaying a countdown until files are deleted.

DDoS Attacks Leverage UPnP Protocol to Avoid Mitigation (BleepingComputer) Attackers are experimenting with a new method of avoiding some DDoS mitigation solutions by employing the Universal Plug and Play (UPnP) protocol to mask the source port of network packets sent during the DDoS flood.

New DDoS Attack Method Demands a Fresh Approach to Amplification Assault Mitigation (Imperva) Amplification attack vectors are some of the most commonly used tools in the DDoS attacker’s arsenal.

Infoblox research finds explosion of personal and IoT devices on enterprise networks introduces immense security risk (PR Newswire) Infoblox Inc., the network control company that provides Actionable...

What is Lurking on Your Network: Exposing the threat of shadow devices (Infoblox) For IT departments, the complexities and security issues around managing BYOD schemes and unsanctioned Shadow IT operations have long been a cause for concern.

Huge new Facebook data leak exposed intimate details of 3m users (New Scientist) Data from millions of Facebook users, including their answers to intimate questionnaires, was left exposed online for anyone to access, a New Scientist investigation has found

Hackers can jump from passenger Wi-Fi to train control networks (Help Net Security) Setting up a Wi-Fi network for passengers to use is practically a must for railway companies these days. Unfortunately, that welcome add-on for travelers can become a means for attackers to gain access to other networks and systems.

GDPR Phishing Scam Targets Apple Accounts, Financial Data (Threatpost) A phishing scam fooled victims by claiming to be Apple and scooping up personal details – including financial information and Apple account information.

Detecting Cloned Cards at the ATM, Register (KrebsOnSecurity) Much of the fraud involving counterfeit credit, ATM debit and retail gift cards relies on the ability of thieves to use cheap, widely available hardware to encode stolen data onto any card’s magnetic stripe.

Remote code execution bug found in GPON routers, but how bad is it really? (Naked Security) An anonymous researcher recently disclosed two vulnerabilities in several older models of Dasan-made GPON routers.

Crypto-Mining Malware Tops Most Wanted List (Infosecurity Magazine) Check Point releases its list of April's most wanted malware.

Chili's Fires Up Incident Response, Post-Breach (Infosecurity Magazine) Credit card information for in-restaurant purchases was scraped from systems.

Security Patches, Mitigations, and Software Updates

Adobe Patches Two Dozen Critical Flaws in Acrobat, Reader (SecurityWeek) Adobe patches nearly 50 vulnerabilities in its Acrobat and Reader products, including critical code execution flaws

Samsung Patches Six Critical Bugs in Flagship Handsets (Threatpost) Samsung updates S9, Note 8 and S8 phones with 27 patches from a RCE bug to a patch that prevents an ancient peek-and-poke attack first identified in 1980s.

Cyber Trends

How GDPR is changing the cybersecurity conversation in the C-suite (Cyberscoop) BitSight Senior Vice President Dave Fachetti talks with Greg Otto about what companies should be doing ahead of the GDPR compliance deadline.

State of Software Security: Insight Into Government Sector Application Security And Guidance For Policy Makers (Veracode) In 2015, the United States Office of Personnel Management (OPM) announced that it had been the target of two massive data breaches.

The pace of vulnerability disclosure shows no signs of slowing (Help Net Security) Unless the pace of vulnerability disclosure slows down in the coming quarters, we are looking at yet another record-breaking year, according to Risk Based Security's 2018 Q1 Vulnerability QuickView Report.

Q1 2018 Vulnerability Quick View Report (Risk Based Security) The fast pace of vulnerability disclosure that was evident throughout 2017 continues unabated into the first 3 months of 2018. With over 5,300 new vulnerabilities reported,

Tech Companies Are Ruining America's Image (Foreign Policy) The United States has become identified with the global internet economy — for better and worse.

Marketplace

Internet of Things Spending Forecast to Grow 17.9% in 2016 Led by Manufacturing, Transportation, and Utilities Investments, According to New IDC Spending Guide (IDC) IDC examines consumer markets by devices, applications, networks, and services to provide complete solutions for succeeding in these expanding markets.

Symantec reveals what caused financial report delay (CRN Australia) Doesn't expect any material impact on financials.

Symantec Reveals Little on Call to Discuss Investigation (Bloomberg.com) Symantec Corp. shares jumped Monday as investors anticipated an afternoon call with senior management to shed more light on an internal investigation disclosed last week. But if analysts were looking for answers, they didn’t really get much.

Palantir co-founder Joe Lonsdale 'wouldn't mind' if the company went public in the next few years (CNBC) "I think they're really focused on the really hard problems they're solving and not as focused on, how are we going to cash out and make money?" Lonsdale said.

What Else Is On Qualys' Radar? (Seeking Alpha) CEO Phillippe Courtot said acquisitions will continue to be a part of his strategy as the company seeks to accelerate product development and expand into adjace

Leading Government Contracts Lawyer Cameron Hamrick Joins Growing D.C. Office of Miles & Stockbridge (Miles & Stockbridge P.C.) Miles & Stockbridge continues its strategic expansion in Washington, D.C. with the addition of Cameron Hamrick...

Products, Services, and Solutions

Leaked Documents Show How Instagram Polices Content to Prevent ‘PR Fires’ (Motherboard) Besides revenge porn and terrorism, flags for moderators include ‘Nazi,’ ‘Cartel,’ and ‘Gang,’ according to leaked training documents for Instagram workers.

KnowBe4 Ranks Top Cybersecurity Training Solutions, 2018 Black Book Market Research User Survey (PR Newswire) Black Book Market Research LLC's annual poll of cybersecurity products,...

Forcepoint Secures Huisman's Mobile Workforce through Cloud-Based Web and Email Security (PR Newswire) Global cybersecurity leader Forcepoint...

PhishLabs and BrandProtect Partner to Empower Threat Intelligence and Mitigation (ReadITQuik) PhishLabs and BrandProtect recently announced their merger. The combined company also announced that it has successfully raised growth capital in a round of funding led by LLR Partners and also saw participation from existing PhishLabs investor Alerion Ventures.

Fortanix Scores Partnerships with IBM Cloud and Equinix, Encrypts (SDxCentral) Security startup Fortanix uses software running on Intel Software Guard Extensions (SGX) hardware to protect applications and data during computation.

Technologies, Techniques, and Standards

Katie Moussouris: It’s dangerous to conflate bug bounties and vulnerability disclosure (CSO Online) “There are two extremes right now: no idea where to start or do a bug bounty,” says Moussouris, who built Microsoft's vulnerability disclosure program.

Cyber War and the Compromise of Reliable Full Disclosure (SecurityWeek) Responsible full disclosure of vulnerabilities has been undermined and co-opted wherever possible and feasible. We must assume that there are far more vulnerabilities than we are aware of.

Behind the Scenes in the Deceptive App Wars (SecurityWeek) It is hard to see how any outright deceptive app produced by developers simply out to get as much money as possible will ever be persuaded by force of argument alone to abandon deceptive practices.

Smashing Silos and Building Bridges in the IT-Infosec Divide (Dark Reading) A strong relationship between IT and security leads to strong defense, but it's not always easy getting the two to collaborate.

Pentagon Wants Cloud Secure Enough to Hold Nuke Secrets (Nextgov.com) The Pentagon’s JEDI cloud will be designed to store the government’s most sensitive classified information, including nuclear secrets.

FBI boosts IT efforts to protect itself from rogue employees (FederalNewsRadio.com) Roger Stanton, the assistant director of the insider threat office for the FBI, said the two technology platforms will help create a better culture of collaboration.

You Should Take Five Minutes to Update Your OS and Apps (Motherboard) For day one of our digital security tuneup, take a minute to update all your operating systems.

Combating fraud and money laundering with graph analytics (Help Net Security) Graph analytics has emerged at the forefront as an ideal technology to support AML. Graphs overcome the challenge of uncovering the relationships in massive, complex and interconnect data. The graph model is designed from the ground up to treat relationships as first-class citizens.

Massive 'power outage' to hit Wisconsin; statewide training exercise starts Tuesday (Madison.com) What would happen if the power went out across Wisconsin, because of a cyber or physical attack to the power grid?

Design and Innovation

RSA Innovation Sandbox Opens a Portal into Cybersecurity's Future (eWEEK) Big ID won the 2018 Sandbox competition, which provides a barometer for trendy security approaches. Attendees watched 10 entrepreneurs pitching their wares on a 3-minute clock before a large audience and panel of tough judges.

Whitfield Diffie Talks Cryptography 'Resurgence' and Blockchain (CoinDesk) A pioneer of public-key cryptography said the blockchain boom represents a "resurgence" of the work he helped start in the 1970s.

China-developed cyber mimic defense withstands 500,000 attacks (Xinhua) A cyberspace security system based on the China-proposed mimic defense theory has withstood over 500,000 hacker attacks in an international challenge, held in Nanjing, capital of east China's Jiangsu Province.

Threat Intelligence Machine Learning Adoption: Ditch the Black Box (Security Intelligence) While studies reveal the majority of CTI adopters are dissatisfied with threat intelligence machine learning adoption, there's evidence the adversary is already using algorithms to their advantage.

Legislation, Policy and Regulation

The ethics of 'securitising' Australian cyberspace (The Conversation) Framing cyberspace as a national security concern can quickly erode fundamental human rights.

Finding the line between privacy and security in Australia’s cyberspace (Asian Correspondent) AS technology evolves and Australia becomes ever-more reliant on cyber systems throughout government and society, the threats that cyber attacks pose to the country’s national security are real – and significant.

Government Seeks to Thwart Cyber Threats (Taiwan Business TOPICS) Declaring that “information security is national security,” President Tsai Ing-wen’s administration has made considerable progress fulfilling promises to beef up Taiwan’s cybersecurity defenses as well as to spur development of the home-grown cybersecurity sector

US-Brazil strengthen bilateral cooperation on secure cyberspace (Devdiscourse) Global Edition | Senior representatives and other non-governmental stakeholders from the United States and Brazil participated in the US-Brazil Internet and

Dutch government to drop Kaspersky Lab, citing security concerns (CNET) The Netherlands is following in the United States' footsteps with its decision to stop using the Russian security company's software.

Possible Kaspersky sanctions meet resistance inside U.S. government (Cyberscoop) A White House plan to sanction Kaspersky Lab has met resistance from senior U.S. government officials who are worried that it could set a dangerous precedent for global behavior on the internet.

Huawei’s partnership with China on surveillance technology raises concerns for foreign users (The Globe and Mail) Company working with Chinese government on advanced security technology in Xinjiang region

Analysis | The Cybersecurity 202: Trump's ZTE reversal flouts warnings from top national security officials (Washington Post) U.S. officials have warned that ZTE's phones could be used as surveillance tools against Americans.

Rubio says Trump's reversal on ZTE is a national security risk (CNBC) Sen. Marco Rubio criticized President Trump's reversal on Chinese telecom company ZTE.

Commerce Department Order Leaves Millions of ZTE Phone Users Without Android Updates (Wall Street Journal) Millions of American users of smartphones made by ZTE Corp. are already feeling the fallout from the U.S. Commerce Department’s blacklisting of the Chinese phonemaker: They’re unable to update Google’s Android operating system.

Defying Republicans, Senate Democrats schedule vote to save net neutrality (Ars Technica) Democrats force Senate to vote this week—FCC repeal would take effect on June 11.

Agency That Vets Pentagon Contractors’ Security Isn’t Keeping Up With the Threat, Audit Finds (Nextgov.com) The Defense Security Service plans to shift to a risk-based approach, but needs to reach out to stakeholders, GAO says.

Litigation, Investigation, and Enforcement

Prosecutors raid home of ex-chief of defense security unit (Yonhap News Agency) Prosecutors on Monday raided the home of a former Defense Security Command (DSC) chief over suspicion that he was involved in the military's allegedly illicit online political maneuvers.

Experian hit with lawsuit over government watchlist alerts (Reuters) Credit bureau Experian has been hit with a proposed nationwide class action in California accusing it of mistakenly reporting that consumers were on a government watchlist of security threats and not helping consumers correct the mistakes.

Reality Winner's Defense Appeals Rejection Of Subpoenas (Shadowproof) The defense for former NSA contractor Reality Winner appealed a federal magistrate judge's decision, where 40 out of 41 subpoenas were rejected.

“Like stealing candy from a baby,” arrested teen says of his phishing efforts (Ars Technica) Police say that "10-15" students' grades were changed, but not the suspect's own.

Police threaten to ban and arrest people mocking tiny cannabis bust in Yorkshire (Yorkshire Post) Police officers have threatened to arrest people and ban them from their Facebook page after they made fun of their tiny cannabis bust online.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Cyber Investing Summit (New York, New York, USA, May 15, 2018) Now in its third year, the Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry, which is predicted to exceed $1 trillion in cumulative spending on products and services over the next five years from 2017 to 2021. Panels will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. Speakers include leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. Attendees will have the opportunity to network with key influencers in the investment and cyber security industries. A cocktail reception will be held following the presentations.

Third Annual Cyber Investing Summit (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

The Cyber Security Summit: Dallas (Dallas, Texas, USA, May 15, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Digital Utilitites Europe (Amserdam, the Netherlands, May 16 - 17, 2018) The conference will bring together key industry stakeholders to address the current challenges of the digitisation in the utilities sector. Join us in Amsterdam to hear latest business case studies and gain insight into technological advancements within the industry, as well as unique strategies utilised by to meet demands of rapidly changing energy consumer/prosumer market.

SecureWorld Houston (Houston, Texas, USA, May 17, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Ignite18 (Anaheim, California, USA, May 21 - 24, 2018) Palo Alto Networks' sixth annual conference features highly technical insights based on firsthand experiences with next-generation security technologies, groundbreaking new threat research, or innovative technical best practices. Don’t miss this outstanding opportunity to share your expertise with our Ignite community of distinguished security professionals and researchers.

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 22 - 23, 2018) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in technology and systems research and development. The agenda for 2018 focuses on: innovations in software engineering, advances in data security, blockchain impact on C4I, exploiting machine learning, collaborative community resilience, IoT impact on national security, understanding information warfare, innovations in IT acquisition, and disruptive mobility technology.

3rd Annual Nuclear Industrial Control Cybersecurity and Resilience Overview (Warrington, England, UK, May 22 - 23, 2018) Now in its 3rd year, the Cyber Senate Nuclear Industrial Control Cyber Security and Resilience Conference will take place on May 22/23rd in Warrington United Kingdom. This two day executive forum will include presentations, roundtable working groups and panel sessions. Together we will address the escalating cyber risk and resilience challenges associated with the adoption and convergence of operational technologies in enterprise facing architecture. Practitioners will gain further insight into how to best respond to evolving cyber threats, the importance of effective risk management throughout the nuclear supply chain, innovations in detection and mitigation, configuration management and how can we incorporate resilience into critical control system components and business process.

PCI Security Standards Council’s Asia-Pacific Community Meeting (Tokyo, Japan, May 23 - 24, 2018) Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018 Asia-Pacific Community Meeting is the place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

North American Financial Information Summit (New York, New York, USA, May 23, 2018) Data is the most vital asset of any financial services firm. With volumes increasing exponentially, and the complexity and structure continuously changing, it is more vital than ever to keep on top of EDM strategy and analytical capabilities, while of course remaining compliant. Join us for the only conference around to challenge your current data strategy and evaluate your technology investments. Have your voice heard at interactive workshop tables, learn from peers facing the same challenges at their respective firms, listen to the experts, hear their success stories, and meet 350+ senior decision makers over 5 networking breaks - all this for only one day out of the office!

SecureWorld Atlanta (Atlanta, Georgia, USA, May 30 - 31, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

RISKSEC (New York, New York, USA, May 31, 2018) Welcome to the 2018 New York City RiskSec Conference. As SC Media approaches our 30th anniversary, we fully understand the avalanche of cybersecurity-related problems, responsibilities and aspirations you face. Like no other time before, data security is crucial to you and your corporate executives. With an avalanche of massive data breaches that compromised millions of users’ data and cost senior-level executives their jobs and the endless other types of attacks that leveraged both new and traditional techniques, 2017 seemed yet another banner year for the infosec industry. We expect this year will be just as active as our attendees will face the challenge of both the criminal element and nation states stepping up their aggressive activities. On top of these, insider threats, supply chain vulnerabilities, regulatory demands and increasing dependence on IoT, AI, cloud apps, mobile devices and still other technologies will continue to convolute your tactical and strategic cybersecurity aims.

Cyber:Secured Forum (Denver, Colorado, USA, Jun 4 - 6, 2018) Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively developed by SIA and PSA Security Network’s education teams and will feature top cybersecurity leaders. Additionally, sponsor exhibits will help showcase solutions related to cybersecurity, integrated systems and physical security solutions.

Campaign Cyber Defense Workshop (Boston, Massachussetts, USA, Jun 4, 2018) The Campaign Cyber Defense Workshop brings together experts from the region’s industry, university, and government organizations to address campaign security and effective practices for maintaining campaign integrity -- covering everything from data security to countering reputation attacks.

Gartner Security and Risk Management Summit 2018 (National Harbor, Maryland, USA, Jun 4 - 7, 2018) Prepare to meet the pace and scale of today’s digital business at Gartner Security & Risk Management Summit 2018. Transform your cybersecurity, risk management and compliance strategies and build resilience across the enterprise through leading-edge research and thinking on key topics such as agile architectures, BCM, cloud security, privacy and securing Internet of Things (IoT).

New York State Cybersecurity Conference (Albany, New York, USA, Jun 5 - 7, 2018) June 2018 marks the 21st annual New York State Cyber Security Conference and 13th Annual Symposium on Information Assurance (ASIA). Hosted by the New York State Office of Information Technology Services, in partnership with the University at Albany's School of Business, and The New York State Forum, Inc., the conference is part of a statewide effort to boost cyber security awareness and empower state and local governments, academia, organizations and citizens to take better control of their digital security.

The Cyber Security Summit: Boston (Boston, Massachusetts, USA, Jun 5, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

SecureWorld Chicago (Chicago, Illinois, USA, Jun 5, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

NSA 2018 Enterprise Discovery Conference (Ft. Meade, Maryland, USA, Jun 5 - 6, 2018) Hosted by the National Security Agency and the Federal Business Council (FBC). The EDC is the largest event held at NSA with over 1500 attendees from around the world. EDC provides a collaborative learning experience for professionals in the SIGINT Development field across the U.S. Intelligence Community and the other 5-Eyes partner nations: Australian Signals Directorate (ASD), Communications Security Establishment, Canada (CSE), Government Communications Headquarters, Great Britain (GCHQ), and Government Communications Security Bureau, New Zealand (GCSB).

Cyber//2018 (Columbia, Maryland, USA, Jun 6, 2018) Cyber touches all aspects of our life from the myriad of devices we have brought into our homes to those we employ on the job to increase and improve our productivity. Please join us for our 9th annual cyber conference, where we tackle some of the most relevant topics surrounding operating within the cyber landscape.

TU-Automotive Cybersecurity (Novi, MIchigan, USA, Jun 6 - 7, 2018) Co-located with the world's largest automotive technology conference & exhibition. The conference unites players from research labs, automakers, tier 1’s, security researchers, and the complete supply chain to plan for the imminent future.

SINET Innovation Summit 2018 (New York, New York, USA, Jun 7, 2018) Connecting Wall Street, Silicon Valley and the Beltway. SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.

Transport Security and Safety Expo (Washington, DC, USA, Jun 11 - 12, 2018) Security incidents are expected to cost the world $6 trillion annually by 2021, making now the time to find out more at the 2018 Transport Security and Safety Expo. The transportation industry is rapidly digitizing, leading to greater risks and potential impacts from cyber and physical events. Understanding how to better safeguard operations and protect critical networks and infrastructure from damage is paramount, and opportunities like TSSX18 that bring the industry together for training and solutions are welcomed by SANS.

Transport Security & Safety Expo (Washington, DC, USA, Jun 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.

Dynamic Connections 2018 (Palm Springs, California, USA, Jun 12 - 14, 2018) Together with you, our customers and partners, we’ll come together for 2 ½ days to learn, explore and create the possible at Dynamic Connections 2018 (DC18). To get ahead of the most critical, most pervasive threat we face in the digital domain today, we must reach into the future and pull tomorrow’s innovation forward.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Email vulnerability. Banning Kaspersky, reprieving ZTE, suspecting Huawei. University data scandal. Patch news. GDPR phishbait.