The CyberWire Daily Briefing 5.22.18

Summary

By The CyberWire Staff

Another speculative execution flaw similar to Spectre and Meltdown has been discovered. The vulnerability is exploitable by "Speculative Store Bypass," which could expose user data across a broad range of devices. This disclosure has been coordinated among Intel, AMD, ARM, IBM, Microsoft and other tech firms. Some vendors have already issued mitigations. Those who face a more challenging patching problem (including Intel) intend to make fixes available within the next few weeks. Analysts tell users to expect some performance decline after applying patches.

Three big dogs aren't barking right now, and there's speculation that they may do so soon. Speculation in the UK holds that Russia's restraint from attacking British infrastructure is temporary. Once the World Cup (hosted this year in Russia) is over, analysts expect the Bears to begin dancing. Iran's widely anticipated reprisals against the US for withdrawing from the nuclear deal are also yet to materialize. And some ask what might have become of the large trove of data stolen in the OPM breach, presumably now in the hands of Chinese intelligence.

What North Korea is up to is clear enough: more theft, totaling $635 million by some estimates. The US is considering putting hacking on the summit agenda.

Vulnerable GPON routers are being herded into botnets.

Comcast is reported to have rendered customers' Wi-Fi passwords relatively easy to compromise. They're expressed in plain text on a readily accessible activation site.

The TeenSafe tracking app is said to have exposed customer data in a misconfigured AWS bucket.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting China, Iran, Democratic Peoples Republic of Korea, Malta, Mexico, Russia, Ukraine, United Kingdom, and United States.

Learn four incident response lessons from high-profile breaches.

Most enterprises know that they are constantly under attack but haven’t fully embraced some lessons to be learned from real-world, high-profile security incidents. Watch this free webinar, presented by experts from Coalfire and Arete Advisors, to learn four practical lessons that will help you avoid damaging losses and minimize negative impacts of cybersecurity incidents.

On the Podcast

In today's podcast, we speak with our partners at Terbium Labs, as Emily Wilson discusses the notion of fear versus empowerment applied to security. Our guest is Sam Elliott from Bomgar with a review of Bomgar's 2018 Privileged Access Threat Report.

Sponsored Events

Startup CEO: Managing a Legal Team for Fun & Profit (Fulton, Maryland, United States, May 31, 2018) DataTribe's Al Clark will share his expertise in providing legal counsel to local tech startups. He'll answer questions on how to gain the most out of and what to look for in legal counsel that will lead to a relationship of lowering risk and saving money. Food and beverages are provided.

Cyber Security Summits: Boston on June 5 & June 28 in DC (Boston, Massachusetts, United States, June 5, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, CenturyLink, IBM Security and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Spectre chip security vulnerability strikes again; patches incoming (ZDNet) A Google developer discovered a new way that a 'Spectre'-style check can be used to attack any computer running any operating system.

Tech Firms Coordinate Disclosure of New Meltdown, Spectre Flaws (SecurityWeek) Intel, AMD, ARM, IBM, Microsoft and other major tech firms have released updates, mitigations and advisories for two new Meltdown/Spectre speculative execution attacks dubbed Variant 3a and Variant 4

After Meltdown and Spectre, Another Scary Chip Flaw Emerges (WIRED) A new processor vulnerability known as Speculative Store Bypass could expose user data on a huge swath of devices.

Google, Microsoft find another Spectre, Meltdown flaw (CNET) Intel promises patches in the next few weeks. Devices could take a performance hit.

Russia in cyber attack plot to 'CRIPPLE the CITY OF LONDON' after football World Cup (Express) RUSSIA could be waiting until after next month’s World Cup to launch a cyber attack on the UK that could bring the City of London to a standstill, it was revealed on BBC Newsnight.

Blogger Manuel Delia claims government behind cyber attack; government denies (Malta Independent) The government has denied claims that it was behind a DDoS attack on blogger Manuel Delia’s website, with the former blasting Castille for failing to assure that it would take action and

Recorded Future: Iranian cyberattacks poised to resume (SearchSecurity) Iranian cyberattacks are likely to resume following the Trump administration's decision to withdraw from the Iran nuclear deal, according to new research from Recorded Future.

US wary of North Korean cyber prowess ahead of Kim-Trump summit (CNN) The US intelligence community is exploring acquiring or developing new technological means of protecting its communication channels prior to the planned meeting between President Donald Trump and North Korean leader Kim Jong Un in June in Singapore, one intelligence source with knowledge of the matter told CNN.

'The US is vulnerable in cyberspace': Trump administration looks to secure its communications channels ahead of US-North Korea summit (Business Insider) Prior to the summit between President Donald Trump and North Korean leader Kim Jong Un, US and North Korean officials would have to open communication channels to share information, leaving them susceptible to hacking attempts.

North Korea’s Hackers—Many Living Abroad—Have Nabbed It $650 Million (Nextgov.com) The North Korean government has rapidly become a world leader in hacking.

Imagining a Cyber Surprise: How Might China Use Stolen OPM Records to Target Trust? (War on the Rocks) “What is the quickest way you can destroy an organization?... Mistrust and discord.” -Col. John Boyd The cyber attack — both real and imagined — has come a long

GPON Vulnerabilities Exploited for Mexico-based Mirai-like Scanning Activities (TrendLabs Security Intelligence Blog) We recently found similar Mirai-like scanning activity from Mexico with some being done via the exploitation of CVE-2018-10561 and CVE-2018-10562, two vulnerabilities that are specific to Gigabit Passive Optical Network (GPON)-based home routers.

Facebook conspiracy theories after Android app tries to “get root” (Naked Security) Facebook’s Android app suddenly started making a bid for superuser access. Conspiracy theories popped up like fungi. (It’s now fixed.)

Comcast is (update: was) leaking the names and passwords of customers’ wireless routers (TechCrunch) Comcast has just been caught in a major security snafu: revealing the passwords of its customers' Xfinity-provided wireless routers in plaintext on the web. Anyone with a subscriber's account number and street number will be served up the wi-fi name and password via the company's Xfinity internet a…

Comcast bug made it shockingly easy to steal customers’ Wi-Fi passwords (Ars Technica) Activation site leaked passwords in plain text to anyone with an account number.

TeenSafe Tracking App Exposes Thousands of Private Records (Threatpost) Records for a mobile app that parents can use to monitor what their kids are doing online has been exposed in the latest Amazon Web Services cloud misconfiguration.

Fortnite is coming to Android, but malicious fake apps are already there (Help Net Security) Android users eager to play the increasingly popular Fortnite survival game on their mobile devices are being targeted left and right with malicious apps masquerading as the game or apps related to it.

Exclusive: 'Bad guys aren't so bad' as cryptomining is a sign of conscience (Security Brief) Cryptomining is now a more popular method of cybercrime than ransomware but expert Tim Brown says this isn't a bad thing as it causes less harm.

Websites Still Under Siege After 'Drupalgeddon' Redux (BankInfo Security) Patching a content management system has never been a straightforward affair, and the carnage from back-to-back critical vulnerabilities in the Drupal CMS continues

High-end router flinger DrayTek admits to zero day in bunch of Vigor kit (Register) 'It may be possible for an attacker to intercept your router'

The IRS Doesn’t Know Who’s Accessing Its Most Sensitive Data (Nextgov.com) The tax agency also isn’t patching vulnerabilities on those systems in a timely manner, an audit found.

CyberArk shows how ‘shadow admins’ can be created in cloud environments (Security Boulevard) There’s little doubt “digital transformation” is here to stay. And it is equally clear that just about all of the fundamental network vulnerabilities we already know about will escalate, in lockstep, with any benefits accrued. It turns out that speeding up tech innovation cuts both ways. Related article: How safeguarding privileged accounts can lower insurance

Roaming Mantis Swarms Globally, Spawning iOS Phishing, Cryptomining (Threatpost) Analysis shows that the malware, previously a banking trojan focused on Android devices, has rapidly evolved just in the past month.

Multilingual malware hits Android devices for phishing & cryptomining (HackRead) The Roaming Mantis cryptomining malware not only targets Android but it is also capable of phishing attacks on iOS devices.

Phishing Email Ironically Provides a List of Scammers You Should Avoid (BleepingComputer) There really is no honor among thieves. I recently found a phishing scheme that contains a list of names that are associated with other scams that the recipient should avoid.

The operations and economics of organized criminal email groups (Help Net Security) Agari's research report provides unprecedented insight into the operations and economics of organized criminal email groups.

Email Is Dangerous (Nextgov.com) Electronic mail as we know it is drowning in spam, forged phishing mails, and other scams and hacks. It’s going to get worse before it gets better.

Malware Distributed via .slk Files (SANS Internet Storm Center) Attackers are always trying to find new ways to infect computers by luring not only potential victims but also security controls like anti-virus products.

Donald Trump's smartphone security: an inconvenient truth (Graham Cluley) According to reports, US President Donald Trump hasn’t been following the advice of his security team, and is resisting their attempts to regularly check his iPhone to see if it has been hacked.

Security Patches, Mitigations, and Software Updates

Dell Patches Vulnerability in Pre-installed SupportAssist Utility (SecurityWeek) Dell recently addressed a local privilege escalation (LPE) vulnerability in SupportAssist, a tool pre-installed on most of all new Dell devices running Windows.

DrayTek router user? Patch now to keep the crooks out… (Naked Security) DrayTek has announced a security hole in its Vigor range of routers.

Chrome drops ‘secure’ label for HTTPS websites (Naked Security) When it comes to browser security, how important are the address bar icons and labels that tell users about a site’s security status?

Cyber Trends

Biggest Web Security Vulnerabilities Haven’t Changed Much – And That’s Not a Good Thing (Data Center Knowledge) After 15 years, the OWASP Top 10 list remains largely the same

Government Industry Insights: State of Privacy and Security Awareness (MediaPRO) We gauged the privacy and security awareness of employees in government by surveying 1,016 U.S.-based employees who work for local, state, and federal government entities. We then compared the results against a broader sample of employed U.S. adults, and used our (rather alarming) results to create this infographic.

The Cybersecurity 202: We surveyed 100 security experts. Almost all said state election systems were vulnerable. (SFGate) The midterm elections are less than six months away, but an overwhelming 95 percent of digital security experts surveyed by The Cybersecurity 202 say state election systems are not sufficiently protected against cyberthreats.

Cybersecurity training for employees still not as widespread as it should be (WeLiveSecurity) Employees are sometimes held up as a ‘weak link’ when it comes to the cyber safety of organizations but worryingly employers are still overlooking the implementation of cybersecurity training for their workers.

IoT security is too hard, so we're giving up (Stacey on IoT) We’re putting a lot of technology in a lot more places these days, and we’re connecting it to the internet in the hopes of being able to see new patterns so we can change our lifestyles and businesses. This has opened up a huge attack surface. In the last two years, not only have a …

Cybercriminals make a meal of weakened supply chains (Security Brief) Ransomware attacks and other cyber threats are targeting the supply chain in greater numbers, says Dimension Data's latest report.

CISO careers: Several factors propel high turnover (SearchCIO) Kudelski Security's John Hellickson explains the top factors driving the high CISO turnover and highlights the myriad challenges that affect CISO careers.

The Cyber Security Arms Race (Global Recruiter) uk recruitment global recruitment security software technology | The Global Recruiter

Marketplace

Who's Afraid of Kaspersky? (Motherboard) We went to Kaspersky Lab's SAS conference, where the controversial Russian anti-virus firm showcases its best research, wines and dines competitors and journalists, and burns American espionage operations.

The Line Between Big Tech and Defense Work (WIRED) Employees at Google are protesting a Pentagon contract. But there are few signs of unrest over CIA deals at Amazon and Microsoft.

The Pentagon's Controversial Drone AI-Imaging Project Extends Beyond Google (Gizmodo) Google has pressed forward with its effort to provide artificial intelligence solutions to the Department of Defense, despite an internal employee petition against the company’s involvement in a pilot program that analyzes drone footage using AI and the resignations of around a dozen employees who objected to the program.

Parsons buys Polaris Alpha to scale up in space & cyber (Washington Technology) Parsons Corp. buys defense and intelligence community IT company Polaris Alpha to grow complex technology services in areas such as space and cybersecurity.

Fishtech Group Announces Intent to Acquire Haystax Technology (Haystax) Fishtech Group has announced it intends to acquire Haystax Technology, an advanced security analytics and risk management solutions provider, as a wholly owned entity.

TransUnion adds fraud intelligence and identity capabilities with acquisition of iovation (BiometricUpdate) Credit reporting agency TransUnion will acquire authentication and device intelligence firm iovation to strengthen its fraud and identity management capabilities, according to an announcement. “iov…

Threat Sketch Completes First Round of Investments (PR Newswire) Threat Sketch, a leading cybersecurity firm, announces today the...

RunSafe Security raises $2.4M to protect hardware from cyberattacks (Technical.ly DC) The McLean, Va. startup seeks to stop malware from entering devices. It counts data centers among early customers.

ThreatQuotient Launches Operations in Central Europe, Australia, APAC (ThreatQuotient) Continued Global Expansion and New Hires Surge Momentum for Innovative Solutions Addressing Security Operations Challenges

Claroty Launches Channel Program and Announces New Industrial Cybersecurity Partnerships (Claroty) Claroty Vision Program Expands Global Reach and Joint Solution Delivery with OT Leaders, Including Dimension Data/NTT Security, Optiv, and Kudelski Security

Salient CRGT puts up fight for lost DHS contract (Washington Technology) Salient CRGT thinks it should have won a $94 million contract to support Customs and Immigration Services and it has gone to GAO to try to prove it.

Cybersecurity Leader Christian Reina Joins D3 Security as Director of Incident Response (BusinessWire) D3 Security today announced the addition of cybersecurity leader, Christian Reina, as the company’s Director of Incident Response.

Crowe Horwath appoints chief data science officer (PR Newswire) As part of its continued investment in technology and data, Crowe Horwath LLP...

NETSHIELD Corporation Appoints Jason Syversen as Director (PR Newswire) Today NETSHIELD Corporation's President & CEO, Ed Wall, announced the...

Products, Services, and Solutions

OSPT Alliance launches CIPURSE training program with FIME (Fintech Finance) Global technical association, OSPT Alliance has collaborated with FIME to develop and launch a technical training program. It will educate security, ID, payment, access control and transport player…

Accellion Announces Availability of its Secure File Sharing and Governance Platform on Salesforce AppExchange, the World's Leading Enterprise Apps Marketplace (Accellion) Accellion, Inc. today announced the availability of its secure file sharing and governance platform on the Salesforce AppExchange to enhance how enterprise organizations connect with their customers.

Wombat Security Launches Second GDPR Training Module to Improve Employee Understanding of Secure Data Handling (PR Newswire) Wombat Security (Wombat), a division of Proofpoint and the leading provider...

Norton by Symantec to Release Fast, Secure Connected Home Wi-Fi Router in Australia (BusinessWire) Norton by Symantec today announced the availability of the lauded Norton Core secure Wi-Fi router in Australia.

Trend Micro launches free ransomware removal tools (GulfNews) Middle East accounts for 4 75 of global ransomware numbers in Q1 of 2018

Amazon Is Selling Cheap, Real-Time Facial Recognition Technology to Cops (Motherboard) The ACLU says the technology, called 'Rekognition,' is dangerous and has demanded that Jeff Bezos stop selling it to governments. Amazon has advertised it to law enforcement for use on body cameras.

Technologies, Techniques, and Standards

Inside ‘Project Indigo,’ the quiet info-sharing program between banks and U.S. Cyber Command (OODA Loop) “The broad purpose of Project Indigo is to help inform U.S. Cyber Command about nation-state hacking aimed at banks. In practice, this intelligence is independently evaluated and, if appropriate, acted upon through Cyber Command’s own unique authorities. Eight financial institutions are involved in FSARC: Bank of America, BNY Mellon, Citigroup, Goldman Sachs,

The State of Information Sharing: 20 Years after the First White House Mandate (Dark Reading) Finally! Actionable guidance for ISACs and enterprises on what threat intel to share, how to share it, and which key technologies will automate redaction and protect privacy.

Fighting ransomware with network segmentation as a path to resiliency (Help Net Security) Organization can achieve network resiliency and survivability through a strategy embracing network segmentation in general, and micro-segmentation in particular.

The reasons US cyber defense must up its battle rhythm (Fifth Domain) The elevation of CYBERCOM is prompting changes for its defensive arm.

How the Internet of Things could improve weapons tracking (C4ISRNET) An array of perspectives and messages from thought leaders in the defense IT and C4ISRNET community.

Cities and Counties Turn to Machine Learning to Bolster Cybersecurity (StateTech Magazine) Local governments are using platforms like Darktrace to mitigate unknown threats in ever-changing cyberspace.

Put an Extra Passcode On Your Cellphone Account (Motherboard) Your cellphone number is the key to your entire online identity. Criminals are increasingly targeting people's phone numbers as a way to steal their identities and break into their most sensitive accounts.

Design and Innovation

Boston startup aims to revolutionize public safety by tapping into IoT devices (SiliconANGLE) The chaos that engulfs the scene of a mass shooting is often the gunman’s best friend.

Research and Development

Ntrepid Awarded Patent for Cutting-Edge Secure Virtual Machine to Support Misattribution Suite (BusinessWire) Ntrepid today announced it has been granted US Patent 9,954,825 for its secure virtual machine.

Academia

UNG adds doctorate in nursing and bachelor's in cybersecurity (University of North Georgia) The University of North Georgia (UNG) expands its ability to fill critical industry shortages in healthcare and cyber technology with the approval of two new degrees: a Doctor of Nursing Practice (DNP) and a Bachelor of Science in cybersecurity.

Legislation, Policy and Regulation

U.S., China Agree on Outline to Settle ZTE Controversy (Wall Street Journal) The U.S. and China have agreed on the broad outline of a deal that would save imperiled Chinese telecom giant ZTE, as the two sides move closer to resolving their trade dispute.

ZTE Kerfuffle Shows Cybersecurity Doesn’t Operate in a Vacuum (Nextgov.com) Lawmakers have decried the president’s efforts to reverse a ban on a Chinese telecom, citing security fears, but there’s a lot more at stake.

Department of Homeland Security's National Cybersecurity Strategy (Security Intelligence) The Department of Homeland Security (DHS) released a new national cybersecurity strategy on May 15. The plan hopes to address the evolving digital threat landscape.

RIP Cyber Coordinator: An Obituary (The Cipher Brief) Rest in peace, Cyber Coordinator. The White House’s Special Assistant to the President and Cyber Coordinator has now been eliminated, apparently ending (or more likely pausing) a two-decade history. It will widely be reckoned as a hideous mistake but not perhaps the one which most needs our immediate attention.

NDAA would let DoD onboard new cyber officers at much higher pay grades (FederalNewsRadio.com) The House's version of the annual Defense policy bill would let the military onboard new officers with outside cyber expertise up to the rank of Army colonel or Navy captain.

Litigation, Investigation, and Enforcement

Global Fraud Hits £3.2 Trillion. (Infosecurity Magazine) Global Fraud Hits £3.2 Trillion. UK losses stand at £110bn but greater insight can help reduce risk, says report

Greenwich Uni Hit by £120K ICO Fine (Infosecurity Magazine) Greenwich Uni Hit by £120K ICO Fine. Major breach in 2016 a result of negligence, says watchdog

FCC urged to investigate ID theft in fake net neutrality comments (CSO Online) In bipartisan letter, senators tell FCC that 'We the People' deserve to know who misused Americans’ identities and submitted the millions of fake net neutrality comments.

Mugshots.com’s alleged owners arrested for extortion (Naked Security) Mugshots.com publishes people’s mugshots and extorts a removal fee.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Securing Federal Identity (Washington, DC, USA, June 5 - 6, 2018) Securing Federal Identity 2018, a highly focused and high-energy event, will feature an in-depth view of the future of federal government policies and technology developments for securing federal identity and access control of facilities and network systems. Experts from the federal government and the security industry will fill the conference agenda and exhibits area to present and future direction of the government’s efforts to manage identities and control access across all federal agencies.

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims to provide a creative and productive platform for professionals in the field of cyber security.

upcoming Events

PCI Security Standards Council’s Asia-Pacific Community Meeting (Tokyo, Japan, May 23 - 24, 2018) Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018 Asia-Pacific Community Meeting is the place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

North American Financial Information Summit (New York, New York, USA, May 23, 2018) Data is the most vital asset of any financial services firm. With volumes increasing exponentially, and the complexity and structure continuously changing, it is more vital than ever to keep on top of EDM strategy and analytical capabilities, while of course remaining compliant. Join us for the only conference around to challenge your current data strategy and evaluate your technology investments. Have your voice heard at interactive workshop tables, learn from peers facing the same challenges at their respective firms, listen to the experts, hear their success stories, and meet 350+ senior decision makers over 5 networking breaks - all this for only one day out of the office!

SecureWorld Atlanta (Atlanta, Georgia, USA, May 30 - 31, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

RISKSEC (New York, New York, USA, May 31, 2018) Welcome to the 2018 New York City RiskSec Conference. As SC Media approaches our 30th anniversary, we fully understand the avalanche of cybersecurity-related problems, responsibilities and aspirations you face. Like no other time before, data security is crucial to you and your corporate executives. With an avalanche of massive data breaches that compromised millions of users’ data and cost senior-level executives their jobs and the endless other types of attacks that leveraged both new and traditional techniques, 2017 seemed yet another banner year for the infosec industry. We expect this year will be just as active as our attendees will face the challenge of both the criminal element and nation states stepping up their aggressive activities. On top of these, insider threats, supply chain vulnerabilities, regulatory demands and increasing dependence on IoT, AI, cloud apps, mobile devices and still other technologies will continue to convolute your tactical and strategic cybersecurity aims.

Cyber:Secured Forum (Denver, Colorado, USA, June 4 - 6, 2018) Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively developed by SIA and PSA Security Network’s education teams and will feature top cybersecurity leaders. Additionally, sponsor exhibits will help showcase solutions related to cybersecurity, integrated systems and physical security solutions.

Campaign Cyber Defense Workshop (Boston, Massachussetts, USA, June 4, 2018) The Campaign Cyber Defense Workshop brings together experts from the region’s industry, university, and government organizations to address campaign security and effective practices for maintaining campaign integrity -- covering everything from data security to countering reputation attacks.

Gartner Security and Risk Management Summit 2018 (National Harbor, Maryland, USA, June 4 - 7, 2018) Prepare to meet the pace and scale of today’s digital business at Gartner Security & Risk Management Summit 2018. Transform your cybersecurity, risk management and compliance strategies and build resilience across the enterprise through leading-edge research and thinking on key topics such as agile architectures, BCM, cloud security, privacy and securing Internet of Things (IoT).

New York State Cybersecurity Conference (Albany, New York, USA, June 5 - 7, 2018) June 2018 marks the 21st annual New York State Cyber Security Conference and 13th Annual Symposium on Information Assurance (ASIA). Hosted by the New York State Office of Information Technology Services, in partnership with the University at Albany's School of Business, and The New York State Forum, Inc., the conference is part of a statewide effort to boost cyber security awareness and empower state and local governments, academia, organizations and citizens to take better control of their digital security.

The Cyber Security Summit: Boston (Boston, Massachusetts, USA, June 5, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

SecureWorld Chicago (Chicago, Illinois, USA, June 5, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

NSA 2018 Enterprise Discovery Conference (Ft. Meade, Maryland, USA, June 5 - 6, 2018) Hosted by the National Security Agency and the Federal Business Council (FBC). The EDC is the largest event held at NSA with over 1500 attendees from around the world. EDC provides a collaborative learning experience for professionals in the SIGINT Development field across the U.S. Intelligence Community and the other 5-Eyes partner nations: Australian Signals Directorate (ASD), Communications Security Establishment, Canada (CSE), Government Communications Headquarters, Great Britain (GCHQ), and Government Communications Security Bureau, New Zealand (GCSB).

Cyber//2018 (Columbia, Maryland, USA, June 6, 2018) Cyber touches all aspects of our life from the myriad of devices we have brought into our homes to those we employ on the job to increase and improve our productivity. Please join us for our 9th annual cyber conference, where we tackle some of the most relevant topics surrounding operating within the cyber landscape.

TU-Automotive Cybersecurity (Novi, MIchigan, USA, June 6 - 7, 2018) Co-located with the world's largest automotive technology conference & exhibition. The conference unites players from research labs, automakers, tier 1’s, security researchers, and the complete supply chain to plan for the imminent future.

SINET Innovation Summit 2018 (New York, New York, USA, June 7, 2018) Connecting Wall Street, Silicon Valley and the Beltway. SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.

Transport Security and Safety Expo (Washington, DC, USA, June 11 - 12, 2018) Security incidents are expected to cost the world $6 trillion annually by 2021, making now the time to find out more at the 2018 Transport Security and Safety Expo. The transportation industry is rapidly digitizing, leading to greater risks and potential impacts from cyber and physical events. Understanding how to better safeguard operations and protect critical networks and infrastructure from damage is paramount, and opportunities like TSSX18 that bring the industry together for training and solutions are welcomed by SANS.

Transport Security & Safety Expo (Washington, DC, USA, June 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.

Dynamic Connections 2018 (Palm Springs, California, USA, June 12 - 14, 2018) Together with you, our customers and partners, we’ll come together for 2 ½ days to learn, explore and create the possible at Dynamic Connections 2018 (DC18). To get ahead of the most critical, most pervasive threat we face in the digital domain today, we must reach into the future and pull tomorrow’s innovation forward.

Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 18 - 20, 2018) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the second annual Cyber Security Summit in June 2018. The summit, presented in a continuing education format, welcomes Norwich alumni and others interested in exploring and discussing the latest in cyber security policy from both the federal level and the practical application of that policy on a local or business level.

Insider Threat Program Management With Legal Guidance Training Course (Tyson's Corner, Virginia, USA, June 19 - 20, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

GovSummit (Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information sharing and education on security topics affecting federal, state and even local agencies.

The Cyber Security Summit: DC Metro (Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

Impact Optimize2018 (Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity. All of the information presented will be designed to facilitate growth and eliminate risk for organizations of all sizes and across all vertical markets, with security as the firm foundation of every solution. The event will include presentations by subject matter experts, breakout sessions among business leaders and live demonstrations of enterprise security and business software.

Nuclear Asset Information Monitoring and Maintenance (Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s strategic ability to leverage the appropriate people, processes and technology to achieve organisational goals through an enterprise wide integrated asset information strategy.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Speculative Store Bypass bug. Nation-state intentions. Router botnet forms. Comcast, TeenSafe customer data exposed.