The daily briefing.
Our Producer's Circle patrons receive the CyberWire Quarterly Report (our regular summary appears below)
Our thanks to the Patrons who generously support the CyberWire. We're happy to add a new benefit this week: members of the Producer's Circle now receive exclusive access to our new Quarterly Report. If you'd like to see a sample of the Quarterly Report (redacted, of course, because only the Patrons have access, and anything else would be dilutive), this is it. And thanks again to all of our Patrons.
Today's regular daily summary starts here.
Amazon Web Services has sent its customers a reminder that Access Control Lists (ACLs) govern who can see the contents of their S3 buckets, and that they should look at their buckets to ensure that public read-access is enabled only where it's supposed to be. Misconfiguration, often by third parties, has hit data held by large organizations hard this summer, but AWS wants customers to remember that protecting information from inadvertent exposure isn't that hard.
TalkTalk's revenues declined in the first quarter, and analysts attribute this in large measure to the breach the telco sustained in 2015.
Malformed Windows MSI files are now known to infect Linux systems, too—researchers call the vulnerability "Bad Taste."
CyberArk's Red Team reports a form of domain fronting that can mask attackers' command-and-control traffic. It abuses content delivery networks (CDNs) and high-traffic domains. Domain fronting uses different domain names at different layers of communication. The technique, CyberArk says, is in use in the wild, and can be applied to highly targeted attacks.
As fears of election hacking persist, the DarkHotel APT group appears ready to offer a fresh approach to political hacking. The online gang uses whaling, digital certificate factoring and Inexsmar malware in its attacks.
In the second cryptocurrency heist reported this week, a hacker stole Ethereum currency worth approximately $30 million by exploiting a vulnerability in a Parity wallet. Parity is working on a fix.
Apple has issued patches for macOS, iOS, and Safari. Oracle has fixed three-hundred-eight vulnerabilities in its products.
Cylance is proud to be the CyberWire sustaining sponsor for 2017. Learn more about how Cylance prevents cyberattacks at cylance.com
Today's edition of the CyberWire reports events affecting Bahrain, Iran, Iraq, NATO/OTAN, Qatar, Russia, Saudi Arabia, Syria, the United Arab Emirates, the United Kingdom, and the United States.
Can artificial intelligence increase the precision of threat hunting?
Artificial intelligence is key to making sense of big data and scaling security data analytics. The “spray and pray” shotgun approach is too expensive and too imprecise to combat advanced attacks. So how do you harness the power of AI to increase precision and to proactively stay ahead of advanced attacks? How do you evaluate threat hunting tools? Join an online fireside chat with guests Josh Zelonis and Stephen Pieraldi to get the answers.
On the Podcast
In today's podcast, we hear from our partners at Level 3 Communications, as Dale Drew outlines the security responsibilities of ISPs. Our guest, Chris Ensey from Dunbar Cyber Security, talks about the roles states play in creating an environment for innovation and success in cyber security.
Deep Instinct at Black Hat (Las Vegas, Nevada, USA, July 22 - 27, 2017) Meet us at Black Hat USA 2017. Visit booth #873. Book a meeting.
BSides Las Vegas (Las Vegas, NV, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you. Come join the conversation!
CyberTexas Job Fair (San Antonio, TX, USA, August 1, 2017) If you're a cyber security pro looking for your next career, check out the free CyberTexas Job Fair, August 1, in San Antonio. It’s hosted by ClearedJobs.Net, and open to both cleared and non-cleared professionals and college-level students. You’ll connect face-to-face with industry leaders Accenture, Booz Allen, Delta Risk, IPSecure, ISHPI, AT&T, Lockheed Martin, NSA and more.
The Cyber Security Summit: Chicago & NYC (Chicago, Illinois, USA, August 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Cybraics, CenturyLink, Alert Logic and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).
8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.
The CyberWire is published daily, Monday through Friday, except for US holidays. Format and summary copyright Pratt Street Media LLC. To subscribe and to manage your subscription, visit our sign-up page. Follow us on Twitter @thecyberwire.
Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story.
Army cyber fighters are on the offensive against ISIS (Defense Systems) Army cyber warriors will attack ISIS as long as it takes to succeed in destroying ISIS networks and communications.
FedEx Files 10-K with Additional Disclosure on Cyber-Attack Affecting TNT Express Systems (FedEx) FedEx Corp. today filed its annual report on Form 10-K for fiscal year 2017 with the Securities and Exchange Commission. The filing includes additional information regarding the June 2017 cyber-attack on the worldwide information systems of TNT Express B.V. (“TNT”), the international express transportation, small-package ground delivery and freight transportation compan
TalkTalk still feeling effects of cyber attack as revenues slip 3.2% - BelfastTelegraph.co.uk (Belfast Telegraph) Telecoms group TalkTalk has said revenues slipped in its first quarter despite adding 20,000 broadband customers as it continues to recover from a cyber attack nearly two years ago.
'Communications Breakdown' Blamed for Verizon Security Gaffe (DSL Reports) A communication breakdown and a vacationing employee are being blamed for Verizon's failure to quickly protect the data of 6 million subscribers. These customers had their names, phone numbers and account PIN numbers
Verizon Data Exposure Incident Highlights Importance of Third-Party Due Diligence (Corporate Counsel) The news that a Verizon Communications vendor exposed millions of customer records highlights the serious risks related to trusting third-party vendors with ...
"Bad Taste" Vulnerability Affects Linux Systems via Malicious Windows MSI Files (BleepingComputer) Because Windows executables haven't wreaked enough damage on Windows computers, now you can use malformed MSI files to run malicious code on Linux systems.
CyberArk finds new way of domain fronting for use in attacks (IT Wire) Researchers from the Red Team at CyberArk Labs have found a new way of domain fronting that allows an attacker to mask malware command-and-control traffic and abuse content delivery networks like Akamai.
Windows security hole – the “Orpheus’ Lyre” attack explained (Naked Security) A long-standing bug in the network authentication protocol called Kerberos led to a security hole in Windows, Linux and more.
Multiple Critical Vulnerabilities Found in Popular Motorized Hoverboards (IOActive Blog) Not that long ago, motorized hoverboards were in the news – according to widespread reports, they had a tendency to...
Hacker Uses Parity Wallet Vulnerability to Steal $30 Million Worth of Ethereum (BleepingComputer) An unknown hacker has used a vulnerability in an Ethereum wallet client to steal over 153,000 Ether, worth over $30 million dollars.
DarkHotel Perfects a New Attack Gambit for Political Targets (Infosecurity Magazine) The attack chain involves whaling, digital certificate factoring and the Inexsmar malware.
Targeted, custom ransomware menace rears its ugly head (Register) No spraying and praying here, just precise, exorbitant attacks
Beware! New Phishing Attacks Disguised as Replies to Previously Asked Questions (Small Business Trends) Cyber criminals have come up with yet another way to get you to open an email. This month’s Comodo Threat Intelligence Lab report has identified a new type of phishing email.
Avoid Phishing Emails (Comodo News and Internet Security Information) Learn more how Comodo Threat Intelligence Lab has identified the phishing emails using the new auto-containment technology and threat intelligence analysis.
Fraudsters Scoring Big – An Inside Look at the Carding Ecosystem (Digital Shadows) In season two of the Netflix series Narcos, Pablo Escobar points out that: “I’m not a rich person. I’m a poor person with money.” In real-life, Escobar’s cartel reportedly made so much money (at one point $US420 million a week) that their chief accountant, Roberto Escobar, claimed that they “would write off 10% of the money because the rats would eat it in storage or it would be damaged by water or lost.” This “poor” person certainly had a lot of money.
Digital Shadows Lifts the Lid on Credit Card Fraud Gangs Cashing in on $24 Billion a Year (Digital Shadows) Reveals step up in sophistication with Russian language e-learning courses, allowing aspiring criminals to make $12k in monthly earnings.
Cybercriminals can take a class on stealing credit cards (CNNMoney) Criminals offer structured advice for others who want to steal and use your financial data.
For $945, this six-week class teaches future cybercriminals (CNET) The class works just like other online courses, with tuition, alumni testimonials and real instructors.
Time is Money: How many threat$ can you fit in a cyberminute? (SC Media US) We all know time is money but when it comes to cybercrime even a minute of down time could cost the mightiest of firms a hefty fine.
In an Evil Internet Minute, $858,153 is Lost to Cybercrime, Reveals RiskIQ (GlobeNewswire News Room) With cybercriminals costing the global economy $454 billion last year alone, digital threat management leader RiskIQ has examined the growing volume of malicious activity on the internet to reveal the inaugural ‘Evil Internet Minute.’ In a single evil internet minute, close to $858,153 is lost to cybercrime, and 1,080 people fall victim.
Akamai CEO warns of cybersecurity threat in 2018 midterm elections (Akamai) The CEO of the Cambridge-based tech security firm who met with President Trump last month said election hacking remains a significant threat heading into next year’s midterm elections. “I think cybersecurity is a big concern,” Akamai chief Tom Leighton told the Herald today. “The attacks are getting worse, they're large scale, they're more sophisticated, and you've got major entities out there that are very well-funded, very smart, and very motivated to cause harm.”
Apple Releases macOS Sierra 10.12.6 and More with Security Fixes (The Mac Security Blog) Apple today released software updates for all of its operating systems and Safari. As we all know, there is much more to these updates than what's shown in the update description, so here are some ...
Apple hurls out patches for dozens of security holes in iOS, macOS (Register) Project Zero, GCHQ, and city of Mishawaka, Indiana among credited bug-hunters
Oracle patches 308 bugs, including high-risk arbitrary download flaw in E-Business Suite (SC Media US) Oracle has issued a critical patch update for July 2017, fixing 308 vulnerabilities across its product line.
Oracle E-Business Suite Flaw Allows Downloads of Documents (Threatpost) Oracle today in its Critical Patch Update addressed a critical vulnerability in its Oracle E-Business Suite of business applications that allows for the download of business documents.
Onapsis Identifies and Helps Oracle Secure Critical Vulnerability in E-Business Suite (EBS) (Onapsis) Onapsis, the global experts in SAP and Oracle application cybersecurity and compliance, today announced the discovery of several vulnerabilities, including one rated as high-risk, affecting Oracle E-Business Suite (EBS) platforms.
Google Beefs Up Protection against Phishing Scams (Top Tech News) Since a phishing scam perpetrated in May that may have targeted millions of Gmail and Google Docs users, Google has introduced a number of security changes aimed at preventing a repeat.
The Cybersecurity Landscape Is Changing Constantly Due To IoT Amongst Other Factors (Information Security Buzz) We all know that the cybersecurity landscape is constantly changing. Amid a backdrop of constantly evolving technology, attack methods and tools with which to protect our data, the situation has only become more complex. For all their additional complexity, businesses have accepted the reality that to remain competitive, they must embrace new technology with open …
WannaCry has pushed cyber-security into the boardroom (IT Pro Portal) More than half of businesses are expecting a similar attack soon.
Hacking Continues to Cause Majority of Reported Data Breaches (HealthITSecurity) Reported data breaches in healthcare are more transparent than other sectors, according to a recent ITRC and CyberScout report.
Survey: Majority of Americans Reuse Passwords and Millennials Are the Biggest Culprits (SecureAuth) Americans more concerned that someone will steal their online personal information than their wallet
Avast Anti-Virus Acquires CCleaner Maker Piriform | eTeknix (eTeknix) Avast, which now owns rival AVG, also recently acquired London-based CCleaner software optimization maker Piriform.
Rapid7 Acquires Komand For Security Orchestration Technology (Seeking Alpha) Rapid7 has acquired security technology company Komand for an undisclosed 'non-material' amount. Komand has developed security automation and orchestration soft
Broadcom-Brocade deal delayed, with ‘no assurances’ (TechTarget) The $5.9 billion Broadcom-Brocade acquisition has been delayed 30 days, which may turn into a 75-day delay. That’s if the deal happens at all.
Quantum crypto upstart QuintessenceLabs hopes to cut the cord (Register) Canberra tips dollars into free-space next-gen comms development effort
Intel to Collaborate With Illusive and Team8 on Cyber Security (Monotone Critic) Intel Corp. has united with an Israeli founder of cyber security business ventures, Team8, as a tactical partner and will assist with the configuration of firms that deal with the biggest cyber security issue, Team8 claimed this week.
BeyondTrust builds on security play with Secure-ISS partnership (ARN) BeyondTrust beefs up play in Australia with appointment of Queensland's Secure-ISS as first managed security service provider partner locally.
IBM's quarterly revenue lower than expected (The Independent) IBM reported a lower-than-expected quarterly revenue on Tuesday, as growth in its higher-margin businesses that include cloud and artificial intelligence services failed to make up for declines across legacy business segments. IBM's shares fell 3 per cent to $149.15 (£114.41) in after-market trading.
Cramer: IBM is just another company that has been 'Amazoned' (CNBC) IBM's struggles are "just another Amazon story in some ways," Jim Cramer says.
QinetiQ still expects revenue growth despite slower orders (BOLSAMANIA) Defence, security and aerospace-focussed science and engineering company QinetiQ Group saw “slower than expected” orders in its EMEA Services division in the first quarter, amid a “dynamic” trading environment in the wake of the UK General Election.
BCU selects Matchlight from Terbium Labs for dark web monitoring and fraud detection (CUInsight) Terbium Labs, the premier dark web intelligence company, today announced that Baxter Credit Union (BCU), one of the nation’s top 100 credit unions, has selected Matchlight for continuous dark web data monitoring, fraud detection, and information security risk assessment. Terbium Labs will demonstrate its dark web monitoring and data loss alerting system at the Black …
Bitcoin may have reached a tipping point, now that ‘Downtown’ Josh Brown just invested (MarketWatch) When prominent financial blogger ‘Downtown’ Josh Brown announces that he is making his entree into the realm of digital currencies, it may be worth taking notice.
Proofpoint Inc. Appoints Michael Johnson to its Board of Directors - NASDAQ.com (NASDAQ.com) Proofpoint, Inc., (NASDAQ:PFPT), a leading next-generation cybersecurity company, today announced its Board of Directors has appointed Michael Johnson as a new independent director, effective July 18, 2017.
SAIC, Northrop Vet Randy James Named ICF Cyber & Resilience Business Head (GovCon Wire) Randy James, formerly vice president of cyber at Science Applications International Corp. (NYSE: SAI
Unisys Federal Executives Jennifer Napper and Susan Becker Elected to Leadership Roles with Prominent Government/Industry Groups (PRNewswire) Unisys Corporation (NYSE: UIS) announced today that two Unisys Federal...
The Lapham Group Places Cyber Risk President at Chubb (Hunt Scanlon Media) The hunt for seasoned cybersecurity talent has seen a dramatic increase in the last several years, according to executive recruiters who hunt for talent in the space. Today, the need for such leaders reaches across virtually all industries. Areas like financial services, defense and high technology have long focused on cybersecurity. But with cyber attacks continuing
MKACyber Appoints DOD Cybersecurity Veteran, Mark G. Hall, as Director, Operational Risk and Compliance (GlobeNewswire News Room) Business-focused security operations company strengthens executive team
Lastline Unveils Unprecedented Breach Protection Capabilities (BusinessWire) Lastline, Inc., the leader in advanced network-based malware protection, today introduced Lastline Breach Defender™, the industry’s only s
Checkmarx Awarded NASA SEWP V Contract to Simplify Federal Procurement Processes (BusinessWire) Checkmarx, a global leader in Application Security Testing (AST) today announced it was awarded a contract by NASA’s SEWP.
Pwnie Express to Provide IoT Security for Black Hat® 2017 (PRNewswire) Pwnie Express announced today that security teams working at Black Hat®...
Software Platform for Connected Cars Aims to Address Critical Safety and Security Issues (Electronic Design) With over 100 million lines of code in the average new car, security functions are becoming crucial to prevent hacking. In response, NHTSA seeks to require and standardize V2V communications.
FireEye Gets FedRAMP Certification for Cloud-Based Email Security Service (ExecutiveBiz) FireEye has received Federal Risk and Authorization Management Program certification to offer a cloud-based email security service offering to federal agencies. The FedRAMP moderate-impact level authorization seeks to facilitate the adoption of FireEye Government Email Threat Prevention by federal agencies to protect against email-based attacks as they move to cloud environments, the company said Tuesday. FireEye...
Monitor Your Network for NotPetya in Real Time (Security Intelligence) With the QRadar NotPetya Content Pack, security analysts can monitor their networks for indicators of NotPetya ransomware in real time.
Willis Towers Watson launches cyber work diagnostic tool (NASDAQ.com) Cyber readiness tool uses sophisticated work model to recruit, lead and engage a more cyber-savvy workforce
Palo Alto Networks AutoFocus: Threat Intelligence Product Overview and Insight (eSecurity Planet) We review Palo Alto Networks AutoFocus, a contextual threat intelligence service that makes threat analytics available to organizations of all sizes.
FireEye iSIGHT: Threat Intelligence Product Overview and Insight (eSecurity Planet) We review FireEye iSIGHT Threat Intelligence, which adds context and priority to global threats before, during and after an attack.
LookingGlass Cyber Solutions: Threat Intelligence Product Overview and Insight (eSecurity Planet) We review LookingGlass Cyber Solutions, an open source-based threat intelligence platform that offers unified threat protection against sophisticated cyberattacks.
IBM X-Force: Threat Intelligence Product Overview and Insight (eSecurity Planet) We review IBM X-Force Exchange, a collaborative threat intelligence platform that helps security analysts research threat indicators to speed time to action.
AlienVault Unified Security Management: Threat Intelligence Product Overview and Insight (eSecurity Planet) We review AlienVault Unified Security Management, which taps AlienVault Labs and a massive crowd-sourced exchange to identify and respond to threats.
KnowBe4 Releases Innovative, Customizable Automated Security Awareness Program Builder: ASAP (PRWeb) No-charge ASAP tool is an industry-first that helps IT professionals and security practitioners create a human firewall: their last line of defense.
Check Point Teams with Microsoft Intune to Secure Enterprise Mobility - NASDAQ.com (NASDAQ.com) Check Point® Software Technologies Ltd. (NASDAQ:CHKP) today announced its product integration of Check Point SandBlast Mobile with Microsoft Enterprise Mobility + Security (EMS) to secure mobile devices in the enterprise.
Verint’s Industry-Leading Knowledge Management Now Available for Companies of All Sizes (Sys-Con Media) Verint® Systems Inc. (Nasdaq: VRNT) today announced its new Knowledge Management Professional™ solution for organizations that span 90 to 90,000 users.
Data Recovery in the Age of Ransomware (Barracuda) Earlier this year, the world recognized World Backup Day (WBD) as a reminder to everyone that data is important and has to be protected. As part of the WBD recognition, Barracuda ran a series of blog posts on the reasons why companies lose data even when they do almost everything right. As a follow up to our WBD activities, Barracuda conducted a survey of general technologists whose responsibilities include data protection and recovery. To be blunt, some of these results are alarming. In this article, we are going to run through the results, explain what they mean, and take a
A brief history of Alice & Bob, cryptography's first couple (Boing Boing)
Banks must educate customers on cyber hygiene (Finextra Research) Jacky Fox, Director, Cyber Risk, Deloitte, talks about the large attack surface banks present to cybercriminals, the challenges of protecting legacy systems, the strong progress banks are making with better-tuned policies and procedures, and the need to educate customers and to concentrate cyber security spend on the interfaces those customers are using most often.
Lt. Gen. Paul Nakasone: Research, Analysis Key to Deter Military Network Breaches - Executive Gov (Executive Gov) Lt. Gen. Paul Nakasone, head of the Cyber Command, has said he believes cybersecurity analysis and research
Is that really you typing? New DoD tech will know (Nextgov) The Pentagon could soon do away with authentication cards if a new approach takes off: using a person's typing behavior to verify their identity.
Quantum Computing Is Coming for Your Data | Backchannel (WIRED) Tomorrow's computers will be able to expose the data we encrypt today—and hackers are counting on it.
Research center’s cybersecurity leader earns kudos (The Redstone Rocket) An engineer at the Aviation and Missile Research, Development and Engineering Center has been recognized for his efforts in cybersecurity.
CSU, MCSD partner to earn NSA cybersecurity grant (WBRC Fox 6 News) In what may be a first for Georgia, Columbus State University is partnering with the Muscogee County School District on a National Security Agency (NSA) grant to develop and implement a course in c...
Mount Offers New Cybersecurity Concentration for IT Majors (Hudson Valley News Network) Mount Saint Mary College’s Division of Mathematics and Information Technology now offers a cyber security concentration for undergraduate IT majors.
7 States Partner with SANS Institute to Offer Free Training, Grow Cybersecurity Workforce (GovTech) A free online aptitude course called CyberStart offers scholarships to onboard students into the cybersecurity sector.
Delaware turns to high schoolers to bolster cybersecurity workforce (State Scoop) A new scholarship platform is designed to take advantage of a booming industry and boost the state's cybersecurity talent pool.
Tallinn Manual author: Petya malware attack likely war crime (Cyberscoop) Two prominent international law experts think the recent malware worm, if actually tied to Russia, constitutes a violation of the Geneva convention.
Meet the scholar challenging the cyber deterrence paradigm (Fifth Domain | Cyber) Fifth Domain recently caught up with that scholar, Dr. Richard J. Harknett, professor and head of the political science department at the University of Cincinnati and scholar in residence at U.S. Cyber Command through the end of 2016.
Qatari websites hacked: As cyber warfare gains prominence, countries may be at risk without even realising it (Firstpost) Though cyber warfare has allowed countries to carry out their operations at a faster pace and in larger areas using deceit as weapon, like every technology it has also gotten out of hand
US: Iran still top state terror sponsor; global attacks down (Military Times) Iran continues to be the world's leading state sponsor of terrorism, the Trump administration said Wednesday in a new report that also noted a decline in the number of terrorist attacks globally between 2015 and 2016.
Tillerson to Shut Cyber Office in State Department Reorganization (Bloomberg) Secretary of State Rex Tillerson is shutting down an office that coordinates cyber issues with other countries, according to two people familiar with the plan, in a move that critics said will diminish the U.S. voice in confronting hackers.
State Department Official Who Backs Russian Cyber Engagement Leaving (BankInfo Security) Christopher Painter, who has advocated for diplomatic engagement with cyber friends and foes alike, is leaving his post as coordinator of cyber issues at the State Department, a job he has held since early 2011.
Want porn? Prove your age (or get a VPN) (Naked Security) The UK government plans to put age verification in front of pornographic websites from April 2018
NDAA would fully approve cyber funding for DOD (Bloomberg Government) The House Armed Services Committee’s NDAA for fiscal 2018 recommends additional cybersecurity funding and assessments for the Defense Department, which would help address cybersecurity concerns and offer opportunities to federal information technology vendors.
Trump taps Raytheon VP as Army secretary (POLITICO) Mark Esper would be Trump's third pick for the Army's top civilian job after the first two candidates withdrew.
Colorado's National Cybersecurity Center Plans to Serve and Protect (Westword) The National Cybersecurity Center has its origins in an economic development trip that Governor John Hickenlooper took in 2015, when he visited Tel Aviv and learned about an Israeli cybersecurity center that brings together government officials, university researchers and private businesses to trade knowledge about preventing cyberattacks.
Senators ask Trump nominees to aid in Russia probe even if it damages president (USA TODAY) The Senate Intelligence Committee asked nominees for high-level intelligence jobs to pledge support for its Russia investigation.
The Seven Circles of Donald Trump’s Russia Inferno (Foreign Policy) We now know that the president wasn’t ignorant of his campaign’s contacts with Moscow’s intelligence agents. But, on a scale, how complicit was he?
Report: Fmr. Obama Official's Involvement in "Unmasking" Individuals Raising Red Flags (Washington Free Beacon) Samantha Power's involvement in the unmasking by former Obama administration officials of sensitive national security information is raising red flags.
Electronics Ban Lifted Worldwide as New Screening Begins - The Voyage Report (The Voyage Report) WASHINGTON (TVR) - The controversial electronics ban on some flights into the United States is nearly gone, with only one airline yet to comply with
Police bodycams get tech that can identify “faces and people” (Naked Security) Bodycams aimed at law enforcement will soon be able to identify stolen bicycles, missing children and other “objects of interest”.
Employee allegedly threw away and stole computers from LULAC lawyer after taking $3,000 from client (San Antonio Express-News) A 37-year-old employee for a local lawyer was arrested Monday after she allegedly took $3,000 from a client, threw away several of the firm's computers and stole one for herself.
For a complete running list of events, please visit the event tracker on the CyberWire website.
Newly Noted Events
2017 Annual Conference: Networking the Future (Tampa, Florida, USA, October 27, 2017) Networking the Future is the Florida Center for Cybersecurity's fourth annual conference and will host hundreds of cybersecurity technical and non-technical stakeholders from industry, government, the military, and academia for a comprehensive exploration of emerging threats, best practices, research, workforce development, and today's hottest cyber trends.
SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANSFIRE 2017 (July 22-29) is Washington Marriott Wardman Park.
ISSA CISO Executive Forum: Security Awareness and Training--Enlisting your entire workforce into your security team (Las Vegas, Nevada, USA, July 23 - 24, 2017) The gap in Security skills in the workforce has put the pinch on Security teams. Join us to learn how to get lean by empowering the rest of your organization to understand and manage security risks. We’ll cover secure-by-design concepts inherent in DevSecOps, effective training and awareness practices, and how to lead organizational change management to embed security into your company’s DNA.
AFA CyberCamp (Pittsburgh, Pennsylvania, USA, July 24 - 28, 2017) The AFA CyberCamp program is designed to excite students new to cybersecurity about STEM career opportunities and teach them important cyber defense skills through hands-on instruction and activities. Through the camp, students will learn how to protect their personal devices and information from outside threats, as well as how to harden entire networks running Windows 7 and Ubuntu operating systems. The AFA CyberCamp will culminate in an exciting final team competition that simulates real cybersecurity situations faced by industry professionals and mimics AFA’s CyberPatriot National Youth Cyber Defense Competition.
BSides Las Vegas (Las Vegas, Nevada, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you.
Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics will include an update to the Capabilities Portfolio, Baseline and Sunset Lists, the UCDSMO SharePoint sites, Labs and Lab Testing, updates on the CDS Overlays and the Cross Domain Risk Management process.
Black Hat USA 2017 (Las Vegas, Nevada, USA, July 26 - 27, 2017) Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days of technical Trainings (July 22-25) followed by the two-day main conference (July 26-27) featuring Briefings, Arsenal, Business Hall, and more.
RSA Conference 2017 Asia Pacific & Japan (Singapore, July 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.
DEF CON 25 (Las Vegas, Nevada, USA, July 27 - 30, 2017) You know how we know it’s almost DEF CON? The Southwest is having a heat wave, that ancient tweet about the Feds (allegedly) not appreciating the ‘Spot the Fed’ contest is back and the interwebz are buzzing with burner phone chat.
North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use. Highly respected speakers from the public and private sectors will address emerging trends, technology and best practices. The event is open to the public and will feature information for individuals, families, educators, business professionals, law enforcement and government officials. The summit agenda will feature internationally recognized keynote speakers as well as experts from across the country to lead breakout sessions on featured industry topics.
Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.
Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Chicago is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. For details visit CyberSummitUSA.com.
PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Latin America Forum (LAF).
2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to gain insight and interact with experts in smaller settings. This year’s conference presents an exciting and unique opportunity to directly engage with senior leaders from the Intelligence Community, Department of Defense, and industry about the IT complexities and challenges impacting the mission user.
SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment.
Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a Regional Event with the aim to give participants from the Asia Pacific region an update on the latest development, trends and status in information security.
TechFest (Louisville, Kentucky, USA, August 16 - 17, 2017) TechFest is a biannual summit designed to bring together technology professionals for learning and networking. Attendees will have opportunities to explore economic development avenues for their businesses, connect with regional IT leaders, and learn about emerging technology. Among the topics addressed will be cybersecurity: hacking, malware, exploits, skimmers, new standards and policies in key industries.
The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.
U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity Awareness Day and Expo will feature timely, topical, and thought-provoking presentations, bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for one day of focused discussions. In light of current events involving unauthorized disclosures, sensitive and/or classified information leaks, and breaches of personally identifiable information in cyberspace, it is imperative that sound practices are incorporated. The agenda will include speakers from Industry and Government.
7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration, threat intelligence, information sharing, workforce development, and risk management. This will be accomplished through a number of in-depth sessions and panel discussions, along with cybersecurity exhibits provided by industry and government partners.