The CyberWire Daily Briefing 5.18.18

Summary

By The CyberWire Staff

Hopes that reduced nuclear tensions on the Korean peninsula would moderate North Korean hacking seem on their way to being dashed. South Korean sources say that DPRK cyberattacks have continued essentially unabated.

Researchers at Fortinet have found a new variant of the Mirai Internet-of-things botnet in the wild. They call it "Wicked," and say that is uses three modules: "Scanner," "Attack," and "Killer." Unlike the original Mirai, which brute-forced its way into vulnerable connected devices, Wicked makes use of known exploits to establish access. It scans ports to establish a connection with its targets and uses an exploit appropriate to that connection. Wicked seems to be the work of the same coder who produced the Sora, Owari, and Omni botnets.

RiskIQ has a report out on MEWkit and the Russian mob behind it. MEWkit is an Ethereum phishing tool that makes novel use of automation in its attacks.

KrebsOnSecurity says that LocationSmart, a US company that aggregates cell phone location data, has been leaking those data through a buggy demo page on its website. The flaw granted access without requiring authentication. LocationSmart took down the relevant portions of its site yesterday afternoon upon being informed of the problem. AT&T, Sprint, T-Mobile and Verizon customers could have had location data exposed.

Office 365 is proving increasingly popular as phishbait.

In what amounts to a dog-bites-man story, the Wall Street Journal says a lot of cryptocoin investment offers are scams.

The US Senate yesterday confirmed Gina Haspel as Director of Central Intelligence.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Denmark, European Union, Democratic Peoples Republic of Korea, Republic of Korea, Poland, Russia, Ukraine, United Kingdom, and United States.

Dragos unveils dashboard of ICS-focused threat groups.

The Dragos Intelligence Team tracks a number of industrial-focused activity groups aimed to exploit, disrupt, and potentially destroy industrial systems globally. Each week in May, Dragos will release new content discussing these adversary details that can be read here.

On the Podcast

In today's podcast we speak with our partners at Webroot, as David Dufour describes threat trends. Our guest is Heather Vescent, futurist and author, describing how she applies her work to cyber security.

Sponsored Events

Startup CEO: Managing a Legal Team for Fun & Profit (Fulton, Maryland, United States, May 31, 2018) DataTribe's Al Clark will share his expertise in providing legal counsel to local tech startups. He'll answer questions on how to gain the most out of and what to look for in legal counsel that will lead to a relationship of lowering risk and saving money. Food and beverages are provided.

Cyber Security Summits: Boston on June 5 & June 28 in DC (Boston, Massachusetts, United States, June 5, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, CenturyLink, IBM Security and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Selected Reading

Dateline

A CISO's perspective on defending a large enterprise (The CyberWire) A talk with Rich Baich, Chief Information Security Officer, Wells Fargo, in which he discussed a CISO's due diligence with vendors, the use of cyber ranges, incident response drills, and some unexpected benefits of years of FUD.

Trends and advice for start-ups (The CyberWire) Panels throughout the day addressed various aspects of the start-up market. If one theme ran throughout the conference, it was the centrality of a start-up's team to its evaluation by prospective investors.

Cybers Investing Summit 2018: Cybersecurity Sector Patnerships [Video] (Cyber Investing Summit) Cybersecurity experts and investors discuss partnership opportunities in the cybersecurity sector at the 2018 Cyber Invest Summit in NYC

Cybersecurity Investing Summit 2018: Cybersecurity Equity Analysis [Video] (Cyber Investing Summit) Cyber Investing Summit 2018 panelists discuss cybersecurity equity valuations, investments, performance, and trends

Cyber Investing Summit 2018: Where Do We Go Now? Moving Forward After the Equifax Hack [Video] (Cyber Investing Summit) Panelists at the Cyber Investing Summit 2018 discuss life after a major breach. Lessons learned, trends moving forward

Cyber Investing Summit 2018: Around the World: International Cybersecurity Investing (Cyber Investing Summit) Speakers at the 2018 Cyber Investing Summit Discuss International Cybersecurity Investment Opportunities, Strategies & Trends

Cyber Investing Summit 2018: Cryptocurrency Breach Protection Panel (Cyber Investing Summit) Keiser Report Co-Hosts lead a panel at the 2018 Cyber Investing Summit about Digital Currency Breach Protection

Cyber Attacks, Threats, and Vulnerabilities

North Korea's cyber attacks on the South have continued despite warmer ties, says expert (Straits Times) Inter-Korea ties may have warmed in recent months after Pyongyang's friendly overtures, but attacks from the regime's cyber army have shown no signs of abating, according to a South Korean expert who tracks their activities.

"Wicked" Variant of Mirai Botnet Emerges (SecurityWeek) A new variant of the Mirai Internet of Things (IoT) botnet has emerged, which features new exploits in its arsenal and distributing a new bot.

This cryptocurrency phishing attack uses new trick to drain wallets (ZDNet) Campaign uses automation to empty cryptocurrency wallets and produce lucrative returns.

Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site (KrebsOnSecurity) LocationSmart, a U.S. based company that acts as an aggregator of real-time data about the precise location of mobile phone devices, has been leaking this information to anyone via a buggy component of its Web site — without the need for any password or other form of authentication or authorization...

CryptoMiner, WinstarNssmMiner, Has Made a Fortune By Brutally Hijacking Computers (360 Total Security Blog) Recently, 360 Security Center has found that a new CryptoMiner is spreading fast. The distributor has made tremendous profit via mining Monero on infected computers....

Railway systems could be hackers' next big target — and derailing trains wouldn't be that hard (Business Insider) Experts say future malicious capabilities will continue to become more complex over time, and may target critical infrastructure like railway systems, electrical networks, and water companies.

Vulnerable connected devices posing immense security risk to organisations (SC Media UK) Many organisations do not have security policies for connected devices, or their employees do not follow existing policies by the book.

How can Office 365 phishing threats be addressed? (Help Net Security) The frequency of phishing within Office 365 is estimated to cost the average organization 1.3 compromised accounts each month via unauthorized, third-party login using stolen credentials.

Buyer Beware: Hundreds of Bitcoin Wannabes Show Hallmarks of Fraud (Wall Street Journal) A Wall Street Journal analysis of 1,450 cryptocurrency offerings reveals rampant plagiarism, identity theft and promises of improbable returns.

Facebook crushes 583 million fake accounts in 3 months (Naked Security) On a daily basis, it disables millions of fake accounts before they ever hatch.

Aussie school networks are open slather for cyber attackers: Dimension Data (CRN Australia) Dimension Data shares insights into cybersecurity landscape.

Are Meltdown and Spectre real vulnerabilities or mere flaws? (SearchSecurity) Are Meltdown and Spectre real vulnerabilities, or are they only features that have been exploited? Learn why there's a debate around this subject and what qualifies as a true vulnerability.

How Hoosiers can protect their accounts from 'shimming' (WISH) If you thought that chip in your credit card protected you from hackers, think again. Scammers have a new way around the security measure called 'shimming.'

Security Patches, Mitigations, and Software Updates

Critical Flaws in Cisco DNA Center Allow Unauthorized Access (SecurityWeek) Cisco has found and patched three critical unauthorized access vulnerabilities in Digital Network Architecture (DNA) Center

Google Chrome to Remove “Secure” Indicator From HTTPS Pages in September (BleepingComputer) Google announced earlier today plans to drop the "Secure" indicator from the Chrome URL address bar and only show a lock icon when the user is navigating to an HTTPS-secured website.

Cyber Trends

One Year After WannaCry: A Fundamentally Changed Threat Landscape (Threatpost) Threatpost talked to several security researchers about what's changed in the past year.

New Threat Intelligence Reveals That Simple Cyberthreats Remain Successful (Security Intelligence) According to new threat intelligence data, simple threats, such as phishing and drive-by downloads, remain popular among cybercriminals.

Security vendors need to stop doing more harm than good (ZDNet) Opinion: What if the security industry operated under a basic tenet: "First, do no harm?"

Most Companies Willing to Spend More on App Security Only After a Breach, Ponemon Study Shows (Security Boulevard) Most companies admit they don't invest enough in application security until after they've suffered a breach, and almost half lack clear visibility into their business-critical apps, according to new data sourced by Ponemon Institute.

Despite advances, Artificial Intelligence still faces critics (CGTN America) More nations are banking on AI technologies, but critics say not so fast. Many fear AI could take over jobs, others are also worried AI threatens humanity.

CLTC Research: American Companies Struggle to Meet GDPR's Data Breach Notification Rules - CLTC (CLTC) On May 25, 2018, Europe’s General Data Protection Regulation (GDPR) will come into effect following a two-year implementation period.

iTWire - Eight days before GDPR, Australian firms seem unprepared (ITWire) More than 90% of Australian IT decision-makers, who took part in a survey that looked at their readiness to meet the standards of the EU General Data...

Marketplace

Cybersecurity the latest battleground for MSPs (MicroscopeUK) SolarWinds MSP says relationships with customers will suffer if channel doesn’t get security offerings right

Siemens and partners sign joint charter on cybersecurity (Siemens) At the Munich Security Conference 2018, Siemens and eight partners from industry signed the first joint charter for greater cybersecurity. Initiated by Siemens, the Charter of Trust calls for binding rules and standards to build trust in cybersecurity and further advance digitalization.

Conditions Could Get Choppy When SailPoint Lockup Expires (Seeking Alpha) When the IPO lockup for SAIL expires on May 29th, pre-IPO shareholders and company insiders will be able to sell more than 60 million shares of currently-restri

WannaCry fever pays off for cyber security giant Sophos (The Telegraph) The ransomware attack on the NHS and new data protection laws helped cap a buoyant year for cybersecurity company Sophos.

Cisco's In-Line Guidance Isn't Good Enough (US News & World Report) The market was looking for more from Cisco's earnings report.

Is Symantec a Broken Company or a Broken Stock? (The Motley Fool) The cybersecurity company posted soft guidance and disclosed an internal audit.

Cambridge tech's £2.4bn contribution to the UK economy (Cambridge News) Our companies are *very* productive

How the Army is equipping cyber warriors in (near) real time (Fifth Domain) The Army is leveraging an acquisition vehicle as a means of getting capability in the field faster.

IBM assigns patents to cybersecurity company Finjan (World Intellectual Property Review) IBM has assigned 41 patents and one pending application to Finjan Blue, a subsidiary of cybersecurity company Finjan Holdings, which owns IP covering cybersecurity.

BitSight to Move Global Headquarters to Boston's Back Bay (PR Newswire) BitSight, the Standard in Security Ratings, today announced plans to...

Products, Services, and Solutions

Tenable Launches New Cyber Exposure Certification Program for Partners (PR Newswire) Tenable®, Inc., the Cyber Exposure company, today announced a new Cyber...

tCell Joins Splunk Adaptive Response Initiative (PR Newswire) tCell, the leading provider of web application threat defense and...

USO Uses Cylance’s AI Powered Endpoint Solution To Protect Donors, Along with Service Members and Their Families from Information Theft (WV News) Cylance® Inc., the company that revolutionized endpoint security with true AI powered threat prevention, is pleased to highlight the proactive efforts of the United Service Organizations,

Hack the DHS Bill: Marten Mickos Interview on NBC (HackerOne) See how HackerOne helps you tap into a global community of hackers to find critical vulnerabilities before they can be exploited.

JASK Unveils ‘Special Ops’ Professional Service to Support Customers with an Elite Cyber Threat Hunting Team (BusinessWire) Former Splunk, RSA FirstWatch and Palo Alto Networks Threat Researchers Lead Service that Reduces Time-to-Value and Provides Access to the Latest Counter-Adversary Intelligence

Technologies, Techniques, and Standards

(Guide) Uninstall StalinLocker Screenlocker from Windows PC or Apple MacOS / OS X (CyberByte Blog) Observed by using MalwareHunterTeam, StalinLocker is a newly-found malware that stealthily infiltrates the device and locks the pc screen. After doing so, Stali

Confessions of a Risk Assessor: 6 Things to Know Before a Cyber Security Assessment (Security Boulevard) The post Confessions of a Risk Assessor: 6 Things to Know Before a Cyber Security Assessment appeared first on Delta Risk.

Protection from ransomware requires layered backup, DR (SearchDisasterRecovery) Protection from ransomware continues to be an important part of the overall backup and disaster recovery strategy. Advice, like ransomware, is constantly evolving.

The Army is grooming an elite tier of electronic warriors (C4ISRNET) The service wants its approach to a cyber/EW workforce to mirror the relationship between special operations forces and the high-end special operators in Joint Special Operations Command.

Co-Ed Cyber Teams Optimize Talents (SIGNAL) More women are needed to balance and enhance cyber workforce.

With electronic warfare, the Army needs to move fast, even with broken things (C4ISRNET) Given the rapidly evolving pace of electronic warfare, it's more important to field flawed equipment that the Army can learn from and iterate upon than it is to wait for a perfect tool that will be impossible to make.

Leadership, culture key to surviving a cybersecurity crisis (Healthcare IT News) Retired Navy Commander Kirk Lippold will share his vision for leadership within an organization, including creating a culture of integrity and personal accountability, at the HIMSS Security Forum in June.

Design and Innovation

Why Isn't Integrity Getting the Attention It Deserves? (Dark Reading) A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.

How IBM is using Latin flowers to help companies comply with GDPR (CIO Dive) The engine converts names, birthdays, addresses and other types of personally identifiable information into a series of random identifiers.

JP Morgan Tests Blockchain’s Capital Markets Potential (Wall Street Journal) JP Morgan Chase & Co. demonstrated a prototype of its blockchain-based platform for capital markets, called Dromaius, on Wednesday at the Consensus 2018 conference. A team of employees will work this year on overcoming challenges related to integrating and scaling the technology before deploying it to customers.

How gaming can help solve cybersecurity woes (The Next Web) Capture the Flag (CTF) tournaments in which participants compete to solve security problems or to attack and defend computer systems are a perfect example of how gaming can get more people involved in cybersecurity jobs,

Research and Development

Cybersecurity ‘Moonshot’ Plan to Head to Trump in November (Nextgov) An advisory group shared broad principles of the moonshot plan, but no details, Thursday.

Army surveys industry for the latest artificial intelligence research for cyber and electronic warfare (Military Aerospace) U.S. Army researchers are surveying industry to determine the state of the art in artificial intelligence technologies for electronic warfare, cyber warfare, signals intelligence, and big-data analytics.

Academia

Florida Center for Cybersecurity Announces 13 New Capacity Building Award Projects (University of South Florida) The Florida Center for Cybersecurity, hosted at the University of South Florida, has awarded more than $700,000 in funds to 13 projects across the State University System of Florida (SUS) through its Capacity Building Award program, implemented to enhance the state's cybersecurity education and research capabilities.

NCSC to offer fresh CyberFirst courses to 14-to-17-year-olds (TEISS) Following on the success of the Cyber Discovery programme, the government has now launched a new CyberFirst programme to help 14-to-17-year-olds in the UK choose cyber security careers in the future.

Legislation, Policy and Regulation

Denmark Unveils $240M Cyber Defence Plan (Defense World) Defense, aerospace, news, exhibitions, C4ISR, aircraft, procurement, pentagon, contracts, companies, categories, events, interviews.

Senate confirms Haspel to head CIA (TheHill) The Senate on Thursday confirmed Gina Haspel to lead the CIA despite engrained opposition over her involvement in the George W. Bush-era interrogation program.

DHS cybersecurity strategy keys in on risk, vulnerability management (SC Media US) The DHS Cybersecurity Strategy may have been delivered late, but it's on point, cybersecurity pros said.

New Dept Of Energy Cybersecurity Strategy - Threat Sharing, Supply-Chain Risk Management, R&D, etc. (Information Security Buzz) The US Department of Energy has released its Multi-Year Plan for Energy Sector Cybersecurity to help make US energy systems more resilient and secure.

Leaders Push for Innovative Cyber Information Sharing (SIGNAL) As the backstop for the nation’s cyber warfare, the military should look to more partnerships to improve its defenses.

Cyber Command has a full cyber staff now (Fifth Domain) Meeting a rigorous set of criteria, Cyber Command's cyber mission force is now fully manned.

Air Force Cyber Mission Force teams reach ‘full operational capability (45th Space Wing) Air Forces Cyber announced today all Air Force Cyber Mission Force teams achieved full operational capability May 11. The 39 total force teams, comprising more than 1,700 Airmen, civilians and

House Lawmakers Introduce New Bill to Mandate White House Cyber Coordinator Role (Executive Gov) Reps. Jim Langevin (D-R.I.) and Ted Lieu (D-Calif.) have introduced a bill that would make the cyber

Litigation, Investigation, and Enforcement

Poland busts Russian 'hybrid warfare' ring (Deutsche Welle) The group was allegedly attempting to exacerbate tensions with Ukraine and promote the Kremlin's interests. Several Western nations have accused Russia of similar tactics.

CIA’s “Vault 7” mega-leak was an inside job, claims FBI (Naked Security) The suspect worked for a CIA group that designed hacking tools at the time the cyber-spying arsenal was given to WikiLeaks.

FBI working to soften potential blow if top-secret informant exposed: report (TheHill) The FBI has reportedly been working in recent weeks to soften the blow if the identity of a top-secret informant who fed information to investigators early on in the Russia probe is revealed.

A Year Into The Job, 3 Big Lessons About Special Counsel Robert Mueller (NPR.org) The taciturn former FBI director sits like a sphinx in the eye of a political hurricane in which he is considered both a villain and an unlikely champion.

Judge To Decide Fate Of Civil Lawsuit Alleging Trump Campaign Colluded With Russia (NPR.org) A federal judge heard arguments from three plaintiffs, who are suing the Trump campaign and Trump ally Roger Stone, about the alleged conspiracy. Stone and the campaign have denied any wrongdoing.

Poisoned Ex-Spy Skripal Released From British Hospital (RadioFreeEurope/RadioLiberty) Sergei Skripal, a Russian former double agent who was poisoned with a nerve toxin in England in March, has been released from the hospital, British health authorities said on May 18.

Hackers Steal '$15.3 Million' From Mexico Financial System (SecurityWeek) Hackers who targeted Mexico's interbank payment system made off with more than $15 million in the past several weeks, the Bank of Mexico said.

Europe continues to be a cybercrime hub (Help Net Security) Europe continues to be a cybercrime hub with 38% of all attacks originating from Europe, a significant originator of global bot attacks predominantly coming from Russia and Ukraine.

Inside the Takedown of a Notorious Malware Clearinghouse (WIRED) How security researchers caught the creators of counter antivirus services Scan4You.

Cyber-Criminal Residing in Latvia Convicted for Role in Operation of Counter Antivirus Service “Scan4you” (US Department of Justice) A federal jury today convicted a Latvian “non-citizen,” meaning a citizen of the former USSR who had been residing in Riga, Latvia, of three counts related to his operation of “Scan4you,” an online counter antivirus service that helped computer hackers to determine whether the computer viruses and other malicious software they created would be detected by antivirus software...

Metros With the Most Fraud Alerts (LendingTree) LendingTree researchers use anonymized customer data to determine where people were most likely to request that a fraud alert be placed on their credit reports.

'John Doe' sentenced for decades of identity theft, fraud (Bay Net) United States District Judge Ellen L. Hollander sentenced defendant “John Doe,” whose true identity remains unknown, to 42 months in prison, followed by three ...

Lawsuit: Baltimore Co. failed to address reported high school cyberbullying (Maryland Daily Record) The parents of an Eastern Technical High School student are suing another student for allegedly defaming their daughter in social media postings, as well as the principal and the Baltimore County …

Ecuador Reverses Assange's Extra Security at London Embassy (Telesur TV) Ecuador's President Lenin Moreno is eliminating the extra security for WikiLeaks founder Julian Assange provided by his predecessor, Rafael Correa. 

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Ignite18 (Anaheim, California, USA, May 21 - 24, 2018) Palo Alto Networks' sixth annual conference features highly technical insights based on firsthand experiences with next-generation security technologies, groundbreaking new threat research, or innovative technical best practices. Don’t miss this outstanding opportunity to share your expertise with our Ignite community of distinguished security professionals and researchers.

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 22 - 23, 2018) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in technology and systems research and development. The agenda for 2018 focuses on: innovations in software engineering, advances in data security, blockchain impact on C4I, exploiting machine learning, collaborative community resilience, IoT impact on national security, understanding information warfare, innovations in IT acquisition, and disruptive mobility technology.

3rd Annual Nuclear Industrial Control Cybersecurity and Resilience Overview (Warrington, England, UK, May 22 - 23, 2018) Now in its 3rd year, the Cyber Senate Nuclear Industrial Control Cyber Security and Resilience Conference will take place on May 22/23rd in Warrington United Kingdom. This two day executive forum will include presentations, roundtable working groups and panel sessions. Together we will address the escalating cyber risk and resilience challenges associated with the adoption and convergence of operational technologies in enterprise facing architecture. Practitioners will gain further insight into how to best respond to evolving cyber threats, the importance of effective risk management throughout the nuclear supply chain, innovations in detection and mitigation, configuration management and how can we incorporate resilience into critical control system components and business process.

PCI Security Standards Council’s Asia-Pacific Community Meeting (Tokyo, Japan, May 23 - 24, 2018) Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018 Asia-Pacific Community Meeting is the place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

North American Financial Information Summit (New York, New York, USA, May 23, 2018) Data is the most vital asset of any financial services firm. With volumes increasing exponentially, and the complexity and structure continuously changing, it is more vital than ever to keep on top of EDM strategy and analytical capabilities, while of course remaining compliant. Join us for the only conference around to challenge your current data strategy and evaluate your technology investments. Have your voice heard at interactive workshop tables, learn from peers facing the same challenges at their respective firms, listen to the experts, hear their success stories, and meet 350+ senior decision makers over 5 networking breaks - all this for only one day out of the office!

SecureWorld Atlanta (Atlanta, Georgia, USA, May 30 - 31, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

RISKSEC (New York, New York, USA, May 31, 2018) Welcome to the 2018 New York City RiskSec Conference. As SC Media approaches our 30th anniversary, we fully understand the avalanche of cybersecurity-related problems, responsibilities and aspirations you face. Like no other time before, data security is crucial to you and your corporate executives. With an avalanche of massive data breaches that compromised millions of users’ data and cost senior-level executives their jobs and the endless other types of attacks that leveraged both new and traditional techniques, 2017 seemed yet another banner year for the infosec industry. We expect this year will be just as active as our attendees will face the challenge of both the criminal element and nation states stepping up their aggressive activities. On top of these, insider threats, supply chain vulnerabilities, regulatory demands and increasing dependence on IoT, AI, cloud apps, mobile devices and still other technologies will continue to convolute your tactical and strategic cybersecurity aims.

Cyber:Secured Forum (Denver, Colorado, USA, June 4 - 6, 2018) Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively developed by SIA and PSA Security Network’s education teams and will feature top cybersecurity leaders. Additionally, sponsor exhibits will help showcase solutions related to cybersecurity, integrated systems and physical security solutions.

Campaign Cyber Defense Workshop (Boston, Massachussetts, USA, June 4, 2018) The Campaign Cyber Defense Workshop brings together experts from the region’s industry, university, and government organizations to address campaign security and effective practices for maintaining campaign integrity -- covering everything from data security to countering reputation attacks.

Gartner Security and Risk Management Summit 2018 (National Harbor, Maryland, USA, June 4 - 7, 2018) Prepare to meet the pace and scale of today’s digital business at Gartner Security & Risk Management Summit 2018. Transform your cybersecurity, risk management and compliance strategies and build resilience across the enterprise through leading-edge research and thinking on key topics such as agile architectures, BCM, cloud security, privacy and securing Internet of Things (IoT).

New York State Cybersecurity Conference (Albany, New York, USA, June 5 - 7, 2018) June 2018 marks the 21st annual New York State Cyber Security Conference and 13th Annual Symposium on Information Assurance (ASIA). Hosted by the New York State Office of Information Technology Services, in partnership with the University at Albany's School of Business, and The New York State Forum, Inc., the conference is part of a statewide effort to boost cyber security awareness and empower state and local governments, academia, organizations and citizens to take better control of their digital security.

The Cyber Security Summit: Boston (Boston, Massachusetts, USA, June 5, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

SecureWorld Chicago (Chicago, Illinois, USA, June 5, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

NSA 2018 Enterprise Discovery Conference (Ft. Meade, Maryland, USA, June 5 - 6, 2018) Hosted by the National Security Agency and the Federal Business Council (FBC). The EDC is the largest event held at NSA with over 1500 attendees from around the world. EDC provides a collaborative learning experience for professionals in the SIGINT Development field across the U.S. Intelligence Community and the other 5-Eyes partner nations: Australian Signals Directorate (ASD), Communications Security Establishment, Canada (CSE), Government Communications Headquarters, Great Britain (GCHQ), and Government Communications Security Bureau, New Zealand (GCSB).

Cyber//2018 (Columbia, Maryland, USA, June 6, 2018) Cyber touches all aspects of our life from the myriad of devices we have brought into our homes to those we employ on the job to increase and improve our productivity. Please join us for our 9th annual cyber conference, where we tackle some of the most relevant topics surrounding operating within the cyber landscape.

TU-Automotive Cybersecurity (Novi, MIchigan, USA, June 6 - 7, 2018) Co-located with the world's largest automotive technology conference & exhibition. The conference unites players from research labs, automakers, tier 1’s, security researchers, and the complete supply chain to plan for the imminent future.

SINET Innovation Summit 2018 (New York, New York, USA, June 7, 2018) Connecting Wall Street, Silicon Valley and the Beltway. SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.

Transport Security and Safety Expo (Washington, DC, USA, June 11 - 12, 2018) Security incidents are expected to cost the world $6 trillion annually by 2021, making now the time to find out more at the 2018 Transport Security and Safety Expo. The transportation industry is rapidly digitizing, leading to greater risks and potential impacts from cyber and physical events. Understanding how to better safeguard operations and protect critical networks and infrastructure from damage is paramount, and opportunities like TSSX18 that bring the industry together for training and solutions are welcomed by SANS.

Transport Security & Safety Expo (Washington, DC, USA, June 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.

Dynamic Connections 2018 (Palm Springs, California, USA, June 12 - 14, 2018) Together with you, our customers and partners, we’ll come together for 2 ½ days to learn, explore and create the possible at Dynamic Connections 2018 (DC18). To get ahead of the most critical, most pervasive threat we face in the digital domain today, we must reach into the future and pull tomorrow’s innovation forward.

Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 18 - 20, 2018) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the second annual Cyber Security Summit in June 2018. The summit, presented in a continuing education format, welcomes Norwich alumni and others interested in exploring and discussing the latest in cyber security policy from both the federal level and the practical application of that policy on a local or business level.

Insider Threat Program Management With Legal Guidance Training Course (Tyson's Corner, Virginia, USA, June 19 - 20, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

GovSummit (Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information sharing and education on security topics affecting federal, state and even local agencies.

The Cyber Security Summit: DC Metro (Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

Impact Optimize2018 (Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity. All of the information presented will be designed to facilitate growth and eliminate risk for organizations of all sizes and across all vertical markets, with security as the firm foundation of every solution. The event will include presentations by subject matter experts, breakout sessions among business leaders and live demonstrations of enterprise security and business software.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

DPRK hacks on. New Mirai variant "Wicked." Notes on MEWkit. Leaky LocationSmart. Coin fraud. DCI confirmed.