current issue – 5.24.17

10 Steps to Establishing an Effective Insider Threat Program

Greetings!

Special Section: the 2017 Cyber Investing Summit (our regular summary appears below)

The Second Annual Cyber Investing Summit met yesterday at the New York Stock Exchange. We'll have more extensive accounts of the proceedings tomorrow, but for a quick summary, here are some of the high points.

The discussions brought to the fore the irreducibly human dimensions of cybersecurity. The opening keynote, an engaging performance by Kevin Mitnick (once notorious, and now famous hacker, and KnowBe4's Chief Hacking Officer) demonstrated the importance of misdirection to successful attacks of all kinds. In the mid-day keynote, former US Secretary of Homeland Security Michael Chertoff presented a broad overview of the threat landscape, highlighting the increasing convergence of criminals and nation-state intelligence services, and calling for development of international norms of cyber conflict. He specifically advocated that the global financial system be placed off-limits in cyber conflict, and that recommendation was not prompted merely by the Summit's Wall Street venue. The global financial system is distinctively vulnerable to disruption by cyberwar, and such disruption would have widespread humanitarian consequences of the kind nations (imperfectly) have sought to restrain.

Other presentations and panels brought together investors, security companies, and the buyers of security products. We'll have accounts of those discussions beginning tomorrow.

Today's regular daily summary starts here.

THE CYBERWIRE (Wednesday, May 24, 2017)—Investigation into the Manchester terror attack continues. Authorities in the UK are increasingly approaching the conclusion that the attack wasn't the work of an isolated fanatic, but rather one carried out with some degree of encouragement, inspiration, and support from others. French and US leaders have expressed solidarity with the UK, and promise closer intelligence cooperation. In hearings yesterday before the US Senate, NSA Director Rogers gave clear (if properly veiled) assurance that the US was conducting extensive cyber operations against ISIS. ISIS has of course praised the attack as an inspiration, and claimed the bomber as a "soldier of the Caliphate."

Symantec's attribution of the WannaCry attacks to North Korea is being picked up by other observers, with some dissenting voices being raised. The dissent is founded largely on grounds of a priori caution, attribution of this kind being necessarily circumstantial. But they also cite evidence in the code pointing to the possibility that the Lazarus Group's spoor Symantec followed was the result of some unknown third-party copying earlier malware. The mixed nature of the attack also baffles some: were the attackers stumblebums who copied malware ineptly and simply delivered it via the slick EternalBlue exploit, or were they playing some deeper game?

EnSilo today released a patch for one of the unpatched EternalBlue Microsoft vulnerabilities: ESTEEMAUDIT, which afflicts WindowsXP and Windows Server 2003.

Trend Micro yesterday patched its Trend Micro ServerProtect for Linux 3.0 (with a hat tip to Core Security, whose researchers found and reported the bug.)

[250]

Today's edition of the CyberWire reports events affecting Australia, China, the European Union, France, the Democratic Peoples Republic of Korea, New Zealand, Libya, Russia, Syria, the United Kingdom, and the United States.

Cylance is proud to be the CyberWire sustaining sponsor for 2017. Learn more about how Cylance prevents cyberattacks at cylance.com

On the Podcast

In today's podcast we hear from Jonathan Katz, of our partners at the University of Maryland, who discusses Bitcoin vulnerabilities arising from Internet routing weaknesses. Our guest, FireEye's Ben Read, describes his company's research into a zero day involving EPS files.

Sponsored Events

The Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, CenturyLink, root9B, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

CyberTech Fairfax (Fairfax, Virginia, USA, June 13, 2017) Cybertech Fairfax: meet tech execs, start-ups, investors & legal, media & mktg pros changing the global cyber landscape. Cybertech Fairfax is a thought-provoking conference on global cyber threats, solutions, innovations and technologies.

SANS Technology Institute (online event, June 13, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Tuesday, June 13th, at 12:00 pm (noon) ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

Selected Reading

Dateline New York City: the latest from the Second Annual Cyber Investing Summit

Former hacker Kevin Mitnick shows WannaCry to Wall Street execs (SC Magazine US) A gathering of Wall Street executives were given a first-hand explanation today on how to secure their companies against phishing attacks by a former hacker.

Cyber Attacks, Threats, and Vulnerabilities

North Korea link to NHS hacking attack (Times (London)) North Korea has emerged as a credible suspect for the ransomware attacks that paralysed parts of the NHS. A source in the security services told The Times that a link was possible after Symantec, a...

Mounting evidence points to North Korean group for global ransomware attack (Cyberscoop) Symantec said it has discovered "strong links" between WannaCry ransomware and the so-called Lazarus Group.

More links between WannaCry and Lazarus group revealed (Help Net Security) Symantec researchers have found more WannaCry Lazarus links. Lazarus is the hacking group believed to be behind the Sony Pictures hack.

Symantec attacked over claims that WannaCry ransomware is the work of North Korea (Computing) WannaCry links to North Korea premature, inconclusive and distracting, claims Institute for Critical Infrastructure Technology

There's Proof That North Korea Launched the WannaCry Attack? Not So Fast! (ICIT) Last week, ICIT urged responsible news outlets to focus on meaningful aspects of the May 12, 2017 WannaCry attack on over 230,000 systems in over 150 countries, such as the desperate need for security-by-design in software and technology, the perpetual failure of organizations across the globe to secure their systems against publically disclosed vulnerabilities and threats, and the hazards of the collection and concealment of exploitable vulnerabilities by governments, agencies, and private organizations.

WannaCry 2.0 is latest threat to company's financial data security (Inc.com) WannaCry 2.0 is latest threat to company's financial data security

Warning after WannaCry sets off fake BT phishing attack (Naked Security) It’s a sad fact that we end up seeing warnings about warnings in the aftermath of a major cybersecurity event

Stamford data-security firms repel cyber attack (StamfordAdvocate) Several local data-security firms report their clients emerged without harm from the global WannaCry cyber attack that struck earlier this month, an outcome they said reflected the strength of those firms’ defenses.

SCADA systems plagued by insecure development and slow patching (Help Net Security) SCADA systems' HMIs are the logical point of attack: if an HMI is compromised, attackers can do anything to the critical infrastructure it manages.

SECURITY: Cyber raises threat against America's energy backbone (EnergyWire) Five years ago, an attack on nearly two dozen U.S. natural gas utilities set off alarm bells in the U.S. intelligence community. A hacker using the nickname UglyGorilla stole troves of sensitive data from gas pipeline companies, breaching the nation's 300,000-mile web of steel that's a critical backbone for the nation's economy. Since then, increased reliance on natural gas for power generation has made the gas transmission system one of the most consequential hacking targets in the country.

Jaff Ransomware Switches to the WLU Extension and Gets a New Design (BleepingComputer) A new variant of the Jaff ransomware was discovered that includes an updated design for the ransom note and the new WLU extension for encrypted files. Like the first variant of Jaff, this new version continues to be distributed through MALSPAM campaigns.

Hackers could target voters, not votes, in UK election (Computing) Accusations of cyber attacks have plagued recent elections worldwide. Here's how the UK election could be hacked (but probably won't be.

Hackers can use subtitles to take over millions of devices running VLC, Kodi, Popcorn Time and Stremio (Help Net Security) By crafting malicious subtitle files for films and TV programmes, attackers can take complete control of any device running the vulnerable platforms.

Botnets: Dawn of the connected dead (Esisoft) Botnets control PCs and IoT devices to take down major websites and wreak havoc online. Are you among them?

Bishop Fox Research Finds 98% of the Top Million Internet Domains Are Potentially Vulnerable to Email Spoofing (PRNewswire) Bishop Fox, a leading global cybersecurity consulting firm, recently analyzed...

Report: The darknet contains a vast treasure trove of stolen Fortune 500 data (TechRepublic) OWL Cybersecurity claims to have indexed over 24,000 darknet domains, and every single Fortune 500 company has some degree of exposure. Here's what that means for you.

Security Patches, Mitigations, and Software Updates

enSilo Protects Millions of Unsupported Windows XP and Windows Server 2003 Users from Future Malware Attacks with Independent Patch for "ESTEEMAUDIT" RDP Exploit (PRNewswire) enSilo, the company that has redefined endpoint security, today announced...

enSilo Releases Free Patch for ESTEEMAUDIT Exploit (enSilo) enSilo has issued a patch that protects vulnerable users from ESTEEMAUDIT, a vulnerability that leaves users exposed to ransomware and other malicious code.

SECURITY BULLETIN: Trend Micro ServerProtect for Linux 3.0 Multiple Vulnerabilities (Trend Micro Business Support) Trend Micro has released a Critical Patch (CP) for Trend Micro ServerProtect for Linux 3.0. This CP resolves vulnerabilities in the product that could potentially allow a remote attacker to execute arbitrary code via multiple vectors.

Trend Micro ServerProtect Multiple Vulnerabilities (Core Security) Vulnerabilities were found in the ServerProtect for Linux update mechanism, allowing remote code execution as root. We present two vectors to achieve this: one via a man-in-the-middle attack and another one via exploiting vulnerabilities in the Web-based Management Console that is bundled with the product.

Cyber Trends

29% Increase In Vulnerabilities Already Disclosed In 2017 (Risk Based Security) Risk Based Security today announced the release of our VulnDB QuickView for the first quarter of 2017. The report shows an unrelenting rise in the number of vulnerabilities being reported. Unless the pace of vulnerability disclosure slows down in the coming quarters, we are looking at yet another record-breaking year.

Data breach activity reaches all-time high (Help Net Security) With over 1,200 breaches and over 3.4 billion records exposed, 2017 is already on pace to be yet another “worst year on record” for data breach activity, a

How quantum computing increases cybersecurity risks (Network World) Quantum computers are expected to arrive within nine years, and organizations better have quantum-safe security if they want to keep their data safe.

As ECommerce Accelerates, So Too Does The Risk Of Cyber Crime (Payment Week) A new survey released by Centre for International Governance Innovation, in collaboration with the UN, reports that consumers around the world are becoming more cautious of online transactions due to the rise in cybercrime and privacy breaches.

Kaspersky: Cyber battleground to shift to critical infrastructure (ARN) Eugene Kaspersky warns that SCADA systems are woefully unprepared for attacks to come.

Building a robust and resilient cyber system (LiveMint) If in previous years cyberattacks could lead to monetary losses, today they can cost lives. Just cybersecurity isn’t enough any more

It’s More Than A Ransomware Attack (Huffington Post India) I often wonder if all of us are under a continuous tactical attack…

IBM Study: Blockchain Adoption on the Rise (Security Intelligence) A new IBM study found that one-third of C-level executives are currently using or planning to implement blockchain technology.

Hackers break deep into vital networks (NewsComAu) International hackers are targeting Australia’s “critical infrastructure and systems of national significance” several times a day, one of country’s most senior cyber crime fighters has warned.

Australian businesses lose $1.7 million to hacking scams (CRN) A report published by the Australian Competition & Consumer Commission (ACCC) showed that 21 businesses lost a total of $1.7 million related to computer hacking scams in 2016.

Marketplace

WannaCry Ransomware Raises Stakes for Cyber-Security Insurance (eWEEK) Insurance companies are already starting to see claims as a result of the WannaCry ransomware worm, though it's still too early to measure the full financial impact.

Baltimore startup raises $3 million to bring cybersecurity to shipping industry (Baltimore Business Journal) A local cybersecurity firm has raised $3 million to develop its software platform aimed at improving real-time tracking in the shipping and logistics industry.

Microsoft to acquire cyber security company Hexadite for $100m - report (Computing) Boston-based AI security company Hexadite counts Hewlett Packard Ventures as a backer

Security Advice From The CEO Of The World's Newest Unicorn - CrowdStrike (Forbes) Last week, CrowdStrike, a cloud-based security company headquartered in Irvine, California raised $100MM in a series D, led by Accel Partners. With this injection of funds, the company has reached “unicorn” status as a venture funded company with a valuation over $1 billion.

Executive Insights: An Interview with Phil Quade (Fortinet Blog) We regularly do deep dive Q&A pieces with our executives to share the leadership perspectives at Fortinet. Read...

root9B Holdings Reschedules Annual Meeting of Stockholders; Updates Status of 10-Q Filing (Benzinga) root9B Holdings, Inc. (Nasdaq: RTNB) ("RTNB" or "the Company") today announced that its Board of Directors has...

The 3 Best Network Security Stocks to Buy in 2017 (The Motley Fool) These three network security experts look like great investments right now. Which one is the best fit for your investing style?

Check Point: Best Play In Cyber Security? (Seeking Alpha) Strategic shift towards focusing on subscription revenue will produce stable cash flows and increase stickiness of customers. Amidst growing cyber-security conc

Proofpoint: If It’s Good Enough For Gartner, It’s Good Enough For You, Says FBN (Barron's) FBN Securities said security vendor Proofpoint is poised to benefit from recent attacks such as the WannaCry malware, which spread mostly through email, an area where it has particular expertise.

3 Reasons the FireEye Inc Rally Will Continue (The Motley Fool) Strong first quarter results reveal some exciting trends that should ensure long-term growth.

Why Security Vendor Symantec May Need Its Own Protection (Market Realist) Competition taking its toll on Symantec

InquisIT awarded Army security contract (C4ISRNET) The company plans to hire more than 20 new employees to support the contract on-site at Fort Belvoir, Virginia.

CACI awarded $21 million task order for naval cyber support (Military Embedded Systems) CACI International Inc announced that it has been awarded a $21 million task order by the Space and Naval Warfare Systems Center (SSC) Atlantic to provide cybersecurity systems support to the Naval Facilities Engineering Command (NAVFAC) to enhance the security of industrial-control systems critical to the U.S. infrastructure. The two-year task order, awarded under the SPAWAR Integrated Cyber Operations contract vehicle, represents continuing business for CACI.

Leidos Secures SPAWAR Contract for Navy ISR Platform Support; Tim Reardon Comments (GovCon Wire) Leidos (NYSE: LDOS) will provide technical assessment, program...

Highest European CISO salaries set to reach €1 million (Help Net Security) With the looming advent of the GDPR, the salary for CISOs at some top European firms is slowly reaching the €1 million mark.

Is the day of the CDO over? Two-thirds of businesses don't have a CDO - and most don't want one (Computing) Numbers have increased in recent years, but demand is tailing off, suggests KPMG survey

Application Security Leader Checkmarx Expands U.S. Footprint with New Atlanta Office (BusinessWire) Checkmarx, a global leader in Application Security Testing (AST), today announced the official opening of a new office location in Atlanta, GA.

Forcepoint Vet John McCormack Named Fidelis Interim President, CEO (GovCon Wire) John McCormack, former CEO of security firm Forcepoint, has been appointed to serve as Fidelis Cyber

Multibillion-dollar security start-up Tanium snares a CTO from Facebook (CNBC) Tanium hired Facebook executive Chris Bream as CTO; co-founder Orion Hindawi will relinquish the title but stay as CEO.

Rapidly Gaining Momentum: Securonix Adds Security Industry Veterans to Executive Team (Marktwired) Securonix appoints Aarij M. Khan as vice president of marketing and Mel Shakir as vice president of product development

Unisys Appoints Government Technology Leader Ann-Marie Johnson to Support and Expand Work with Department of Homeland Security (PRNewswire) Unisys Corporation (NYSE: UIS) today announced that it has appointed...

ARM's Helen Adams making move to Intercede (BOLSAMANIA) Digital identity, credential management and secure mobility company Intercede announced on Tuesday that Helen Adams had joined the executive management team as the group's chief sales officer.

Products, Services, and Solutions

Columbus Collaboratory Extends Its Information Sharing, Analysis Capabilities Through Strategic Partnership With TruSTAR Intelligence Exchange Platform (Marketwired) Columbus Collaboratory ISAO is Ohio's first ISAO capable of producing analytics-enhanced intelligence products and supporting real-time exchange of cybersecurity intelligence among collaborating companies via TruSTAR platform

Cylance Delivers First AI-driven Endpoint Detection and Response Solution with Introduction of CylanceOPTICS (BusinessWire) Cylance® Inc., the company that revolutionized traditional antivirus with AI-powered threat prevention, announced the general availability of Cyla

Flashpoint Intelligence Platform 3.0 Provides Finished Intelligence Experience and Advanced Customizations (Marketwired) New innovation further extends organizations' ability to apply business risk intelligence across the enterprise and address diverse use cases

The Media Trust's Digital Risk Management service prepares organizations for the EU General Data Protection Regulation's effect on consumer-facing digital properties (PRNewswire) The European Union's General Data Protection Regulation (GDPR) governing...

Netwrix Auditor Saves Danish Local Authority up to 40 Hours per Month on Compliance Monitoring (Netwrix) The Municipality of Roskilde gains centralized control over critical systems to assure data security and automate compliance efforts

How Nerdio Provides a One-of-a-Kind Security Analytics Solution (Nerdio) Cloud security has become increasingly important as malware continues to evolve. See how Nerdio and Observable Networks tackle this issue.

eGlobalTech Announces Availability of “DevOps Factory (TM)” Across U.S. Federal Government, Accelerating Delivery of Secure IT Solutions (Military Technologies) With advanced security and cloud deployment automation tools, this proven DevOps framework provides secure, scalable and cost-effective IT solutions for federal customers

Thycotic Introduces Privilege Ready Program to Further Protect Against Cyberattacks (PRNewswire) Thycotic, a provider of privileged account management (PAM) solutions for...

Optiv Security Enhances Third-Party Risk Intelligence Capabilities to Address Continuous Cyber Security Risk Monitoring Challenges (BusinessWire) Optiv security announced it has enhanced the intelligence capabilities within its third-party risk management platform, Evantix, to address organizati

Did You Know We Have A Knowledge Base? (ThreatConnect) From guides to training videos and best practices, ThreatConnect’s Knowledge Base has everything you need to use the Platform to its fullest potential.

AT&T delivers new security features for business networks - Computer Business Review (Computer Business Review) AT&T enhances security for business networks with new applications deployed across its network functions platform, which adds services for business custom

NetCentrics Implements Tanium™ for Government Agency to Enable Rapid Response to Cyber Threats (PRNewswire) NetCentrics Corporation, a leading provider of enterprise IT services and...

Light Point Security Eliminates Web Threats and Increases User Productivity for One of the Nation's Largest Administrators of Employee Benefits (PRNewswire) Light Point Security, creators of the Light Point Web Full Isolation...

Microsoft Just Built A Special Version of Windows For China (Fortune) New software will satisfy the needs of the Chinese government.

EY to help businesses comply with EU General Data Protection Regulation in collaboration with Microsoft (PRNewswire) EY announced today that it is collaborating with Microsoft on a broad approach...

New software adds secure authentication to any enterprise application (BetaNews) Increased numbers of phishing and other cyber attacks are putting companies under greater pressure to secure their applications.

Vera Unveils First Data-Centric Security Solution with Multi-factor Authentication (Marketwired) Vera (vera.com), the leader in data-centric security enabling businesses to secure, track and share any type of digital information, today announced support for multi-factor authentication (MFA) solutions by Duo Security, RSA SecureID and Twilio.

Technologies, Techniques, and Standards

EU security think tank ENISA looks for IoT security, can't find any (Register) Proposes baseline security spec, plus stickers to prove thing-makers have complied

WannaCry 2.0: Detect and Patch EternalRocks Vulnerabilities Now (Tenable) A new network worm dubbed EternalRocks is making the news this week as the successor to the WannaCry ransomware.

Buy vs. Build: Tales from the Trenches (ThreatQuotient) In mid-2010 I was running a large Defense contractor SOC and was forced to build what’s currently known as a threat intelligence platform (TIP).

Design and Innovation

'Game changer': Army wants an unmanned electronic warfare vehicle (C4ISRNET) What the Army envisions is a small robot weighing 15 to 20 pounds, with enough battery power to provide intelligence to ground units for up to four hours.

Warbot Ethics: A Framework for Autonomy and Accountability Warbot Ethics: A Framework for Autonomy and Accountability (Strategy Bridge) Rapid improvements in robotic technologies are presenting both civilian policy makers and military leaders with uncomfortable ethical choices.

Academia

Waikato Uni and Tonga team for cyber security (Computerworld New Zealand) The University of Waikato’s Cyber Security Lab and the Government of Tonga have signed a MoU to collaborate on cyber security issues.

Legislation, Policy, and Regulation

Rogers: U.S. is ‘using cyber offensively against ISIS’ in a legal way (Washington Post) Adm. Michael S. Rogers, the head of U.S. Cyber Command and the National Security Agency, told a House Armed Services subcommittee on May 23 that the U.S. is “using cyber offensively against ISIS” in a legal way.

Manchester bombing: France reinforces security, intel relationship with Britain (Defense News) The French armed forces minister has spoken with her British counterpart regarding the deadly bomb attack on the evening of May 22 at Manchester, England.

Trump promises solidarity with U.K. against ‘evil loser’ terrorists (POLITICO) The president refused to call the Manchester attacker a monster because ‘they would like that term.’

China imports from North Korea fall as sanctions start to bite (South China Morning Post) Beijing has curbed purchases of coal from North Korea as part of efforts to pressure Pyongyang into ending its nuclear weapons programme

Government plan to try, once again, to force tech companies put back doors into encryption (Computing) War against encryption to be re-ignited after election

Take the first step toward good global data sharing rules (TheHill) OPINION | Privacy advocates and law enforcement advocates have many issues about which they disagree – any one of which might sidetrack these useful first steps toward reform. We should not let those issues derail reforms on which most agree.

Trump budget seeks $1.5B for Homeland Security cyber unit (TheHill) NPPD would receive $1.5 billion for cybersecurity, infrastructure protection.

CyberCom seeks 16 percent budget surge for 2018 -- FCW (FCW) U.S. Cyber Command is seeking $647 million in funding for fiscal year 2018, a 16 percent boost over 2017 funding, to support cyber mission forces and elevation to a full combatant command.

Litigation, Investigation, and Law Enforcement

The Manchester bombing was no lone wolf attack — Salman Abedi had help (Times (London)) Counter terrorism agencies have been at full stretch for months, all the time expecting Islamic State and its followers to lash out in the West as its strongholds in Iraq and Syria are encircled.

Libya terror link to Manchester attack (Times (London)) The suicide bomber who murdered 22 people at a concert in Manchester had recently returned from Libya, it emerged last night as Britain was put on alert for another imminent attack. Thousands of...

Appeals court decision keeps lawsuit against NSA surveillance alive (TheHill) A federal appeals court on Tuesday reversed a lower court’s decision to dismiss Wikimedia’s lawsuit challenging the National Security Agency’s (NSA) mass interception of Americans’ international digital communications.

Brennan: Russia may have successfully recruited Trump campaign aides (POLITICO) The former CIA director also says the FBI probe into whether Russia meddled in the election is "well founded."

Former CIA Director Outlines Russian Playbook for Influencing Unsuspecting Targets (Foreign Policy) John Brennan told lawmakers that intelligence revealing communications between American and Russian officials "raised questions" about cooperation for him.

Senate Intel panel issues subpoenas to Flynn businesses (TheHill) The leaders of the Senate Intelligence Committee on Tuesday announced that they were issuing two additional subpoenas for businesses associated with former national security adviser Michael Flynn.

Military Officials Testify on Cybersecurity at SASC Hearing (DVIDS) Coast Guard Vice Adm. Marshall Lytle III, Joint Staff director of command, control, communications and computers/cyber and chief information officer; Navy Vice Adm. Michael Gilday, commander of U.S. Fleet Cyber Command and U.S. 10th Fleet; Lt. Gen. Paul Nakasone, commanding general of U.S. Army Cyber Command; Maj. Gen. Christopher Weggeman, commander of 24th Air Force and Air Forces Cyber; and Maj. Gen. Loretta Reynolds, commander Marine Corps Forces Cyberspace Command, testify on cybersecurity before the Senate Armed Services Committee, May 23, 2017.

House panel doesn't bring up Trump to Rogers (CNN) National Security Agency Director Adm. Mike Rogers was at the heart of a bombshell report Monday that President Donald Trump asked him and Director of National Intelligence Dan Coats to dispute to publicly deny evidence of collusion between his campaign and Russian officials.

Homeland Security Dems respond to rumored Trump retaliation plan (TheHill) "We are deeply concerned by reports of plots within the White House to make false statements about a critical cybersecurity information sharing program in an effort to draw attention away from the President’s reckless decision to share classified information with Russian officials," said Ranking Member of the House Committee on Homeland Security Bennie Thompson (D-M.S.) and committee member Rep. Cedric Richmond (D-L.A.) in a letter to the White House.

Man acknowledges trying to sell satellite secrets to Russia (Federal Times) Gregory Allen Justice entered pleas Monday to two felonies: economic espionage and violating the Arms Export Control Act.

Russian Police Apprehend Criminal Gang Behind Cron and PonyForx Malware (BleepingComputer) Russian authorities have arrested the Cron malware gang, responsible for selling the Tiny.z Android banking trojan and the PonyForx Windows infostealer.

Digital watermark leads police straight to Bollywood pirates (Naked Security) Digital signing led police to the would-be extortionists – a welcome turnaround for the movie industry after a run of thefts

Man jailed for stealing images and details from more than 50 women (Naked Security) When someone like this is caught and jailed it’s a sobering reminder to check our own digital footprint – here are some tips to help you secure your information

Cyber Events

For a complete running list of events, please visit the event tracker on the CyberWire website.

Cyber Security Summit - 6.1.17 - CYBERWIRE50
Cybertech Fairfax (06.13.17)
Prepare to Lead in Cybersecurity: Online Information Session 6.13.17

Upcoming Events

CyberSmart 2017 (Fredericton, New Brunswick, Canada, May 24 - 25, 2017) As cybersecurity grows as a significant global challenge, the growing gap between Canada’s cyber workforce demand and supply offers our country both a challenge and an opportunity. CyberSmart 2017 will convene leaders from industry, academia and government to identify and discuss priorities for a Canadian cybersecurity education and workforce development strategy.

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D. The agenda for 2017 will include: Challenges of Increasingly Autonomous Systems, The Collaborative Spectrum Grand Challenge, Spectrum Usage as a Critical Enabler for the US, Modernization of the Global C4ISR Enterprise, Breakthroughs in Military Simulation, Government Solutions to the Optics of ISR, Emerging Solutions and Challenges in SCADA/IOT, Cloud Migration and Interoperability, Modeling & Simulation to Streamline Procurement, and Secure Mobility Challenges.

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D.

SECON 2017 (Jersey City, New Jersey, USA, May 25, 2017) Social engineering impacts security. (ISC)2 New Jersey Chapter is a 501(c)(3) not-for-profit charitable organization. Our chapter’s mission is to disseminate knowledge, exchange ideas, and encourage community outreach efforts, for advancement of information security practice and awareness in our society. We also strive to provide enjoyable opportunities for professional networking and growth.

Cyber Southwest (Tucson, Arizona, USA, May 27, 2017) CSW will be dedicated to furthering the discussion on cyber education and workforce development in Arizona, healthcare cybersecurity, and technical training in areas such as threat intelligence, insider threats, and protecting critical infrastructure. CSW will focus on creating a positive, unique, and highly productive unification point to further Arizona’s developing leadership in cybersecurity. Subject Matter Experts (SMEs) will be on hand to share information on the latest cybersecurity trends, best practices, and key innovations.

SANS Atlanta 2017 (Atlanta, Georgia, USA, May 30 - June 4, 2017) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment.

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Seattle is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Seattle is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

SANS Houston 2017 (Houston, Texas, USA, June 5 - 10, 2017) At SANS Houston 2017, SANS offers hands-on, immersion-style security, security management, and pen testing training courses taught by real-world practitioners. The site of SANS Houston 2017, June 5-10, is Royal Sonesta Hotel Houston, located in the heart of the Galleria area of Uptown Houston.

Cyber Resilience Summit: Measuring and Managing Software Risk, Security and Technical Debt (Brussels, Belgium, June 6, 2017) The Consortium for IT Software Quality is bringing the Cyber Resilience Summit to Europe, to take place on 6 June 2017 in Brussels, Belgium, the vibrant heart of political Europe and headquarters of the European Commission. All are invited to attend! The theme of the Summit is “Measuring and Managing Software Risk, Security and Technical Debt.” Discussion will focus on the latest strategic thinking from innovative American and European CIOs and IT policy makers.

National Cyber Security Summit (Huntsville, Alabama, USA, June 6 - 8, 2017) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. The summit attracts commercial and defense companies as well as healthcare, automotive and energy industries.

Infosecurity Europe 2017 (London, England, UK, June 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information security solutions and products to 13,500 visitors.

Cyber 8.0 Conference (Columbia, Maryland, USA, June 7, 2017) Join the Howard County Chamber of Commerce for their 8th annual cyber conference, where they will explore innovation, funding, and growth. Participants can expect riveting discussions from cyber innovators and entrepreneurs, from leading venture capitalists and financiers, and from government agencies who look to our industry base for technologies and solutions.

2017 ICIT Forum: Rise of The Machines (Washington, DC, USA, June 7, 2017) The 2017 ICIT Forum brings together over 300 cybersecurity executives from across critical infrastructure sectors to receive the latest ICIT research from our experts, share knowledge, develop strategies and identify next-generation technologies to improve their resiliency. Topics include Artificial Intelligence, IoT, Advanced Analytics, APT Profiles, Blockchain, Cloud and more!

SecureWorld Chicago (Rosemont, Illinois, USA, June 7, 2017) Join your fellow security professionals for high-quality, affordable training and education. Attend featured keynotes, panel discussions, and breakout sessions—all while networking with local peers. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders.

NYS Cyber Security Conference (Albany, New York, USA, June 7 - 8, 2017) June 2017 marks the 20th Annual New York State Cyber Security Conference and 12th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. Technology's increasing sophistication has driven new trends in device mobility, social media, and expanded connectivity. Cyber security once considered an issue for IT staff has evolved into a concern for the entire organization. This year's conference examines the broad range of today's cyber challenges and the ways in which organizations can improve security, and create resiliency against cyber threats.

RSAC Unplugged (London, England, UK, June 8, 2017) Informal, up close and personal, intimate…that’s RSAC Unplugged. Ignore the background noise and focus on what’s important in information security right now as part of a one-day program focused on excellent content. Raw and uncut, it’s the best of RSA Conference in a single day.

Insider Threat Program Development / Management Training For NITP-NISPOM CC 2 (Huntsville, Alabama, USA, June 8 - 9, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program (ITP) Development / Insider Threat Risk Management (National Insider Threat Policy (NITP), NISPOM Conforming Change 2) on June 8-9, 2017, in Huntsville, AL. For a limited time the training is being offered at a $795. This training will provide the ITP Manager-Senior Official and Facility Security Officer with the knowledge and resources to achieve compliance with NITP and NISPOM CC2 / DSS ISL-2016-02 - ITP requirements. Any organization (State Government Agencies, Businesses, Etc.) that is not required to implement an ITP, but is concerned with Insider Threat Risk Mitigation will also benefit greatly from this training. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Development / Insider Threat Risk Management Training.

BSides Pittsburgh 2017 (Pittsburgh, Pennsylvania, USA, June 9, 2017) BSides Pittsburgh is part of a global series of community-driven conferences presenting a wide range of information security topics from technical topics, such as dissecting network protocols, to policy issues such as managing information leakage via social networks. Pittsburgh has a flourishing information security community; this is a great chance to meet each other, share ideas and work together.

29th Annual FIRST Conference (San Juan, Puerto Rico, USA, June 11 - 16, 2017) FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.

21st Colloquium, Cyber Security Education Innovation for the 21st Century (Las Vegas, Nevada, USA, June 12 - 14, 2017) The Colloquium for Information Systems Security Education (CISSE) provides a forum for dialogue among academia, industry and government. Protection of the information and infrastructure used to create, store, process, and communicate information is vital to business continuity and security. CISSE supports cyber security educators, researchers and practitioners in their efforts to improve curricula and foster discussion of current and emerging trends, working to define education requirements and encourage development of information security curricula and courseware.

ETSI Security Week 2017 (Sophia Antipolis, France, June 12 - 16, 2017) This year's event will address key cybersecurity standardization challenges in the short, medium and longer term. The event will look at the different aspects of cybersecurity underpinning our digital world. The cybersecurity community will come together at ETSI to network and exchange on the state of standardization for cybersecurity.

Cyber Tech Fairfax (McLean, Virginia, USA, June 13, 2017) Cybertech Fairfax will provide attendees with a unique opportunity to learn about the latest innovations and solutions from the cyber community. It will serve as an incredible B2B platform with a strong focus on networking, strengthening existing alliances and forming new ones. Get acquainted with the products and people leading the industry and creating new technological solutions to tackle today’s cyber challenges.

Cyber Tech Fairfax (McLean, Virginia, USA, June 13, 2017) A thought-provoking conference and exhibition on global cyber threats, solutions, innovations and technologies. At Cybertech Fairfax, high-profile speakers and panelists will focus on the global cyber threat, and strategies and solutions that meet the diverse challenges for a wide range of sectors including finance, transportation, utilities, defense, communication and government, to protect operations, infrastructure and people.

LegalSec Summit 2017 (Arlington, Virginia, USA, June 13 - 14, 2017) Whatever your role in security, there’s something here for you! Hear from experts who will share their experiences related to information security, and develop takeaways to use in your organization. The target audience for ILTA’s LegalSEC Summit is legal technology professionals at every level and general counsel who touch legal security in their law firm or law department and want to learn more and connect with peers. Organized by the International Legal Technology Association.

the cyberwire
Compiled and published by the CyberWire editorial staff. Views and assertions in source articles are those of the authors, not the CyberWire or Pratt Street Media, LLC.
The CyberWire is published by Pratt Street Media and its community partners. We invite the support of other organizations with a shared commitment to keeping this informative service free and available to organizations and individuals across the globe.