Are you using threat intelligence to its full potential?

Are you using threat intelligence to its full potential? Download this free report via Recorded Future to learn 12 common threat intelligence use cases.

The daily briefing.

Mexico's central bank now says that it appears there may have indeed been unauthorized transfers through the country's interbank SPEI system.

In a surprising development over the weekend, US President Trump seems willing to toss ZTE some sort of unspecified lifeline to keep them in business. ZTE has been subject to US sanctions that effectively barred it from using US software and components in its products. The company last week announced it had stopped its major operations. The US beef with ZTE centered on the company's flouting of sanctions imposed on Iran.

CrowdStrike says it's already discerned an increase in Iranian cyber operations against US targets. The company's researchers say they saw the uptick begin within twenty-four hours of the US announcement that it would withdraw from the Iran nuclear deal.

Among Facebook and Instagram ads purchased by the Russian troll-farm Internet Research Agency were several promoting a problematic Chrome extension, FaceMusic. FaceMusic catered to several demographics but was most successful among American girls ages 14 to 17. The extension collected Facebook and web-browsing information. It also messaged "Friends" of those who installed it.

Russia's blocking of Telegram prompted self-described Anonymous hackers to deface websites belonging to Rossotrudnichestvo, the Federal Agency for International Cooperation. Among remarks denouncing censorship, the defacements called media regulator Roskomnadzor "a handful of incompetent brainless worms." 

Facebook's on-going review of data-collecting apps has resulted in suspension of about two hundred. Apple, cleaning its Store in preparation for GDPR, is clearing out apps that inappropriately gather information.

[250]

Cylance is proud to be the CyberWire sustaining sponsor for 2018. Learn more about how Cylance prevents cyberattacks at cylance.com

A note to our readers: we'll be in New York tomorrow, covering the Third Annual Cyber Investing Summit. Watch for coverage, including some live-tweeting, of the proceedings.

Today's edition of the CyberWire reports events affecting Australia, China, Estonia, the European Union, France, India, Indonesia, Ireland, Iran, Mexico, Russia, the United Kingdom, and the United States.

Dragos unveils dashboard of ICS-focused threat groups.

The Dragos Intelligence Team tracks a number of industrial-focused activity groups aimed to exploit, disrupt, and potentially destroy industrial systems globally. Each week in May, Dragos will release new content discussing these adversary details that can be read here.

On the Podcast

In today's podcast we speak with our partners at Accenture, as Justin Harvey shares his thoughts on whether the the US withdrawal from the Iran nuclear deal will lead to more cyber attacks from Iran.

Sponsored Events

Cyber Security Summits: May 15 in Dallas & Boston on June 5 (Dallas, Texas, United States, May 15, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, CenturyLink, IBM Security and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Third Annual Cyber Investing Summit 5/15/18 (Dallas, Texas, United States, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

Startup CEO: Managing a Legal Team for Fun & Profit (Fulton, Maryland, United States, May 31, 2018) DataTribe's Al Clark will share his expertise in providing legal counsel to local tech startups. He'll answer questions on how to gain the most out of and what to look for in legal counsel that will lead to a relationship of lowering risk and saving money. Food and beverages are provided.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Iranian hackers ramp up cyberattacks following Trump’s withdrawal from nuclear deal: Report (The Washington Times) Iranian hackers ramped up their attacks against U.S. targets as expected in the immediate aftermath of President Trump withdrawing this week from the Iran nuclear deal, cybersecurity experts said afterwards.

Without nuclear deal, US expects resurgence in Iranian cyberattacks (CNBC) There are fears that President Donald Trump’s decision to pull out of the Iran nuclear deal this week could lead to a surge in retaliatory cyberattacks from Iran, the New York Times reports.

Anonymous hacks Russian Govt website against ongoing censorship (HackRead) The online hacktivist group Anonymous hacked and defaced the official website of Rossotrudnichestvo against the ongoing censorship in the country especially the recent ban on the encrypted messaging app Telegram.

Russia-Linked Facebook Ads Targeted a Sketchy Chrome Extension at Teen Girls (WIRED) Among the Russian ads released by House Democrats this week were links promoting a suspicious Chrome extension.

When Spies Hack Journalism (New York Times) Reporters usually care little about a source’s motives, provided their information is true and newsworthy. But what if the source is a foreign spy agency?

Islamic State church bombings rip Indonesia (Asia Times) Suicide bombings at three Christian churches in town of Surabaya raise fears of further terror attacks during the fasting month of Ramadan

Threat Report 2018: ISIS In the Spotlight (The Cipher Brief) Though terror group ISIS continues to lose territory in Syria and Iraq, it increasingly poses a threat in other areas of the world, and through its ideology, which has inspired attacks across the globe. Today’s brief is a snapshot of the 2018 Cipher Brief Threat Report. Learn more about the report here.  Bottom Line: The … Continue reading "Threat Report 2018: ISIS In the Spotlight"

Researchers warn of critical flaw affecting PGP and S/MIME (TechCrunch) Those who use PGP and S/MIME to send secure emails are being advised to cease using and disable the tools with immediate effect following a major security scare. Researcher Sebastian Schinzel, a professor of computer security with Münster University of Applied Sciences, claims to have identified a …

Mexico Says Possible Bank Hack Led to Large Cash Withdrawals (Bloomberg) Several Mexican banks experienced large cash withdrawals in recent weeks after possible cyber attackers infiltrated some financial institutions, triggering unauthorized money transfers, the central bank said in an interview with Bloomberg.

UK cell giant EE left a critical code system exposed with a default password (ZDNet) The code repository contained two million lines of code across EE's website and customer portal.

Card Breach Announced at Chili’s Restaurant Chain (BleepingComputer) Malware has harvested payment card details from some Chili's restaurants, Brinker International, the company behind the restaurant chain announced on Friday.

Malicious Traffic in Port 7001 Surges as Cryptominers Target Patched 2017 Oracle WebLogic Vulnerability (TrendLabs Security Intelligence Blog) We observed a large spike in the number of devices scanning the internet for port 7001/TCP since April 27, 2018.

Text bombs and “Black Dots of Death” plague WhatsApp and iMessage users (HOTforSecurity) If you believed all the headlines you would think the problem is more serious than it really is. "Beware the ‘Black Dot of Death’ that will obliterate your iPhone with one text message", reads The Metro newspaper. "Warnings about WhatsApp 'text...

Facebook suspends ~200 suspicious apps out of “thousands” reviewed so far (TechCrunch) Did you just notice a Facebook app has gone AWOL? After reviewing “thousands” of apps on its platform following a major data misuse scandal that blew up in March, Facebook has announced it’s suspended around 200 apps — pending what it describes as a “thorough investiga…

Malicious Apps Get Back on the Play Store Just by Changing Their Name (BleepingComputer) Security researchers are reporting that malicious Android apps they have detected and reported to Google the first time, have slipped back into the Play Store after changing their name.

Malicious Package Found on the Ubuntu Snap Store (BleepingComputer) An attentive Ubuntu user has spotted today a cryptocurrency miner hidden in the source code of an Ubuntu snap package hosted on the official Ubuntu Snap Store.

Danish Railway Company DSB Suffers DDoS Attack (Infosecurity Magazine) Passengers unable to purchase tickets as systems taken down

Security Flaw Impacts Electron-Based Apps (BleepingComputer) Security researchers have found a security flaw in Electron, a software framework that has been used in the past half-decade for building a wealth of popular desktop applications.

Analysis finds evidence of cyber attack, surge in Knox election night web traffic (WBIR) Knox County hired Sword & Shield Enterprise Security to look into why the county election commission web page suddenly crashed the night of May 1, the primary election.

Florida voting officials fire back at Rubio's criticism over cyber-threats (Miami Herald) As the threat of another attempted cyber attack hovers ominously over Florida's 2018 election, voting officials in the state are livid at U.S. Sen. Marco Rubio for claiming they are "overconfident" and not taking the possibility seriously enough.

One answer as to why control systems are still so vulnerable (Control Global) One reason control systems are still so vulnerable is the lack of understanding by IT security and the lack of participation in the control system security process by control system experts.

Exclusive: Cyber attack claims player details from World Rugby (The Telegraph) World Rugby has been forced to suspend one of its websites after the governing body was the target of a cyber attack that saw hackers obtain personal data from thousands of subscribers to one of their databases, The Sunday Telegraph can reveal.

How a “location API” allows cops to figure out where we all are in real-time (Ars Technica) "Securus takes no steps to verify that uploaded documents in fact provide authorization…"

Ransomware Attack Wipes Out Police and Fire Department Data (HackRead) The city of Riverside’s Police and Fire department has been hit by a ransomware attack once again - This means the department has come under cyber attack for the second time in the last few weeks.

Probe into 'cyber attack' on Together for Yes page (Independent.ie) Gardaí are probing allegations that a crowd-funding page linked to pro-repeal group 'Together for Yes' was the subject of a deliberate cyber attack.

Family Planning NSW hit by ransom demand in cyber-attack (the Guardian) Medical records not exposed in data breach but information sent by clients seeking an appointment may have been compromised

Security Patches, Mitigations, and Software Updates

Rockwell Automation Patches Flaws in Simulation, Licensing Tools (SecurityWeek) Rockwell Automation patches vulnerabilities in Arena simulation software and FactoryTalk Activation Manager

Apple boots out apps that abuse location data collection (Naked Security) GDPR is coming and Apple’s spring cleaning the App Store

Cyber Trends

How information warfare in cyberspace threatens our freedom (The Conversation) Simulation models show just how effectively fake news and propaganda can shift opinions.

America is losing the cyber war (SecurityInfoWatch.com) The modern threat landscape is rife with digital threat actors of every variety that weaponize every vector and exploit vulnerabilities in every system

Report to Congress on Artificial Intelligence and National Security (USNI News) The following is the April 26, 2018 Congressional Research Service report, Artificial Intelligence and National Security. From the Report: Artificial Intelligence (AI) is a rapidly growing field of technological development with potentially significant implications for national security. As such, the U.S. Department of Defense (DOD) is developing AI applications for a range of military functions. …

NGA official: Artificial intelligence is changing everything, ‘We need a different mentality’ (SpaceNews.com) NGA is modernizing its cloud architecture “to allow our analysts to live in the data."

Whose Team Is Artificial Intelligence On: The Corporations or Hackers? (Infosecurity Magazine) As we create more innovative solutions like AI, do we open up the gates to potentially more dangerous and common attacks?

The crypto alternative (TechCrunch) Suppose, just for a moment, just for argument’s sake, that (some) cryptocurrencies are not a giant scam, and what’s more, they’re not just another kind of financial asset. Come on. Don’t look at me like that. Work with me here. Imagine, just for a moment, that there exist pl…

Iranians Embrace Cryptocurrencies As the US Abandons Nuclear Deal (Blokt) Iran is quick to embrace Bitcoin and other cryptocurrencies after US President Donald Trump decided to withdraw from the Iran Nuclear Agreement.

Exposing the threat of shadow devices (Help Net Security) Infoblox announced new research that exposes the significant threat posed by shadow devices on enterprise networks. Over a third of companies in the US, UK and Germany (35 percent) reported more than 5,000 personal devices connecting to the network each day.

10 alarming cybersecurity facts (Networks Asia) What you need to know to stay safe.

Social media: The zero-trust game (Help Net Security) Our value today is measured in numbers. These metrics, however, are easily manipulated to such an extent that even elections have allegedly been at the mercy of the social media numbers game.

Black Book's Annual Cybersecurity Survey Reveals Healthcare Enterprises Are Not Maturing Fast Enough, Processes Continue Underfunded and Understaffed (PharmiWeb) The industry is deluged with new applications, challenging systems, new devices and innovative approaches to handling and sharing data.

Tech Addiction and the Business of Mindfulness (WIRED) Meditation isn’t for you? These phone-free social media workshops promise to build the mindfulness right into your technology.

Adam Parfrey's Feral House Was the Forerunner to Reddit and 4chan (Motherboard) Parfrey is dead at 61.

Marketplace

5,000 Developers in India Ready to Work on Crypto Projects (Bitcoin News) According to a recent study, 5,000 Indian software developers currently have the skill sets to work on cryptocurrency and blockchain projects. 10,000 more developers can be easily trained but an additional 30,000 would require extensive training.

Cybersecurity Skills Shortage: Where Are All the Penetration Testers? (Infosecurity Magazine) Why you are not finding penetration testers, and what you can do about it.

Corrupt Chinese company on Telstra shortlist (The Sydney Morning Herald) ZTE, which is banned and facing criminal sanction in the US, is also shortlisted to build critical West Australian technology infrastructure.

How Chinese telco ZTE bribed its way to greatness (Financial Review) ​ZTE, a Chinese telecommunications company with a record of systemic corruption, is bidding for major contracts in Australia, including Telstra's 5G mobile network and a transport contract in Western Australia.

Trump wants to end a trade ban on ZTE, the Chinese company that reportedly had an entire department devoted to paying foreign bribes (Business Insider) ZTE reportedly had an department that managed bribes of foreign officials, and sign off was required from several managers including some based at its Shenzen h

Why Google’s Pentagon mutiny should worry government contractors (Washington Business Journal) Companies that dismiss it as nothing more than a temper tantrum by filter-bubbled techies do so at their own peril.

Favstar says it will shut down June 19 as a result of Twitter’s API changes for data streams (TechCrunch) As Twitter develops an ever-closer hold on how it manages services around its real-time news and social networking service, a pioneer in Twitter analytics is calling it quits. Favstar, an early leader in developing a way to track and review how your and other people’s Tweets were getting like…

Symantec's Problems Run Deeper Than Just an Audit Committee Probe (TheStreet) The security firm's weak guidance points to share loss in a very competitive enterprise landscape.

Symantec: Safety At Home, But In Your Portfolio? (Seeking Alpha) Symantec should bring security to your home and workplace, but certainly is not doing so in your portfolio. The company has been rightfully stripped from its pr

Cloud Cybersecurity Startup Protego Raises $2 Million in Seed (CTECH) Jerusalem-based Protego develops a cloud information security technology that can detect threats and attacks in real time

WhiteHawk forms strategic alliance with Cybercrime Support Network (Small Caps) Cybersecurity advisory service WhiteHawk Limited (ASX: WHK) has announced a strategic partnership with the Cybercrime Support Network, a US-based public-private, non-profit collaboration to assist victims of cybercrime.

Merlin International Wins Over $80 Million in Contracts to Support U.S. Government Healthcare Cybersecurity Challenges 10/31 – Merlin International (Merlin) Merlin International, a leading cybersecurity and IT solutions provider, today announced that the company has been awarded contracts in excess of $80 million in the third quarter of 2017, critical to bolstering the cybersecurity posture of government healthcare.

The Welsh Cyber Security Revolution (Business News Wales) Ask an outsider to conjure up dreams of the Welsh valleys and their response will likely include rolling hills of green, mines, and Tom Jones (and the home of Digital Festival, of course!). Whilst they’re not wrong, they may be using an outdated blueprint. Throughout the 21st century, Wales has outgrown its coal-stai

Valve is paying hackers thousands of dollars for discovering Steam security flaws (Updated) (PC Gamer) It's paid out more than $100,000 so far.

Products, Services, and Solutions

Oxygen Forensics Introduces New Method of Decrypting WhatsApp Data With Release of Oxygen Forensic® Detective 10.2 (Oxygen Forensics) Oxygen Forensics, a worldwide developer and provider of advanced forensic data examination tools for mobile devices, cloud services and drones, announced today that Oxygen Forensic®® Detective 10.2 can now acquire a WhatApp Cloud token from Android devices.

Technologies, Techniques, and Standards

Don’t WannaCry Again? Here’s How to Prevent it (Infosecurity Magazine) A year since WannaCry, how much has security learned about applying the basics?

The 3 hidden costs of incident response (CSO Online) Every business function seeks to apply finite resources to maximum benefit, and to do that effectively in security, like threats, requires a keen understanding of those costs that are known and those that are hiding.

GDPR compliance: Identifying an organization's unique profile (Help Net Security) In particular, legal, IT security, privacy and information governance functions must all be closely aligned as the process moves from the planning, scoping and design phases to implementation and ongoing management of the program.

Protecting your business behind a shield of privacy (Help Net Security) In this podcast recorded at RSA Conference 2018, Francis Knott, VP of Business Development at Silent Circle, talks about the modern privacy landscape, and introduces Silent Circle’s Silent Phone and GoSilent products.

Breaking Bad Behavior: Can AI Combat Insider Threats? (Security Intelligence) Artificial intelligence (AI) tools enable security teams to identify behavioral patterns that could point to insider threats more quickly.

Why and how to set up a VPN on your iPhone or Android (Security Boulevard) A VPN, or Virtual Private Network, routes all of your internet activity through a secure, encrypted connection, which prevents others from seeing what you’re doing online and from where you’re doing it. Basically a VPN provides an extra layer of security and privacy for all of your online activities. Want to learn more about VPNs in general? Check out our Essential Guide.

Secrets to a better password and less hacks: Go long, use variety, and sometimes lie (CNBC) In the wake of recent breaches that exposed millions of American’s passwords, here is how to pick a more secure password.

Maryland National Guard exercises Cyber Awareness with Estonian Defenses (DVIDS) Md. Guard cyber defenders from the 175th Wing’s Cyber Operations Group at Warfield Air National Guard Base, Middle River, Md. supported the Estonian Defense League’s cyber defense unit 2-12 May during Exercise HEDGEHOG, also known as Siil 2018.

Design and Innovation

Bank of America Confronts AI’s ‘Black Box’ With Fraud Detection Effort (Wall Street Journal) The bank, currently experimenting with how artificial intelligence could help improve fraud detection, announced they’re working with Harvard University to address bias in algorithms. “We’re not fans of lack of transparency and black boxes, where the answer is just ‘yes’ or ‘no,’” said Hari Gopalkrishnan, client-facing platforms technology executive at Bank of America.

How YouTube’s Volunteer Army Gets Channels Undeleted (Motherboard) When YouTube’s content moderation fails, super-users from the YouTube Contributors and Trusted Flagger programs are ready to intervene.

Leaked Documents Show Facebook’s Struggles With D[**]k Pics (Motherboard) Motherboard has obtained training material for Facebook moderators which shows the social media giant's shifting policy on "unsolicited adult nude genitalia imagery sharing," or dick pics.

Huawei Pre-Installing Bitcoin Wallets on Phones. Suspicion Warranted? (BitsOnline) Huawei, the Chinese mobile phone giant, has begun to pre-install BTC.com bitcoin wallets in all new mobile phones, with the aim of including older models in future updates. But skeptics of the move are wondering what’s the “more than meets the eye” aspect of the equation.

Academia

UW adds cybersecurity certificate program (San Francisco Chronicle) The University of Wyoming Board of Trustees has approved creation of a cybersecurity certificate program.

Legislation, Policy, and Regulation

Trump Extends Lifeline to Sanctioned Tech Company ZTE (Wall Street Journal) President Trump said he was working with Chinese President Xi Jinping to keep ZTE in business, throwing an extraordinary lifeline to the Chinese telecommunication giant that has been laid low by U.S. moves to cut off its suppliers.

President Trump says he’s working to give ZTE a reprieve (TechCrunch) In a remarkable development, President Trump has thrown an olive branch to controversial Chinese telecom firm ZTE . The company, which sells telcom network equipment and consumer devices including smartphones, said on Wednesday that it would cease its main business operations after the U.S. Departm…

Here's how the US has paralyzed Chinese phone maker ZTE (CNET) The company, despite shutting down operations, is still fighting for its life.

ZTE woes loom as US-China trade tensions rise (ABS-CBN News) With a major Chinese smartphone maker on the rocks following US sanctions, the trade spat between Washington and Beijing appears to be taking a turn for the worse for tech firms in the 2 global economic powerhouses. 

Schiff warns of cybersecurity threat from ZTE (CNN) After President Donald Trump vowed to help Chinese tech giant ZTE, Rep. Adam Schiff (D-CA) warns that the firm poses a "major cybersecurity threat."

UK Regulator Issues Advice on 'Consent' Within GDPR (SecurityWeek) Once the UK leaves the EU, GDPR within the UK will be replaced by the new Data Protection Bill, which is designed to ensure the UK's data protection adequacy.

The UK and USA need to extend their “special relationship” to technology development (TechCrunch) Matt Hancock Contributor Share on Twitter Matt Hancock is the Secretary of State for Digital, Culture, Media and Sport and a Member of Parliament for West Suffolk. The UK and the USA have always had an enduring bond, with diplomatic, cultural and economic ties that have remained firm for centuries.…

Here's How a National Cybersecurity Agency Could Work (Nextgov.com) A central authority could reduce the complexity that exists today.

After the San Bernardino iPhone fiasco, lawmakers introduce the Secure Data Act (Digital Trends) Lawmakers introduced the Secure Data Act on Friday: a new bill that prevents law enforcement and surveillance agencies from forcing companies to insert backdoor entrances into their products and services. The bill was presented by U.S. Representatives Zoe Lofgren (D-Calif.) and Thomas Massie (R-Ky.) along with four co-sponsors.

Senator freezes DHS cyber nominee over Stingray info (FCW) Sen. Ron Wyden wants info on use of rogue cell-tracking Stingray devices in the nation's capital before he'll confirm a new cybersecurity leader at the Department of Homeland Security.

Cops Can Find the Location of Any Phone in the Country in Seconds, and a Senator Wants to Know Why (Motherboard) Here are the letters Senator Ron Wyden sent to mobile carriers and the FCC demanding answers and action on the recently highlighted law enforcement service to easily track phones across the country.

Litigation, Investigation, and Law Enforcement

Oracle claims Google exfiltrates 1GB of data from Android phones every month | Computing (http://www.computing.co.uk) Oracle gives evidence to Australian Competition and Consumer Commission investigation into Google,Security,Hardware,Communications ,Security,Privacy,Data,Google,Australia,GDPR

NCA: UK Cybercrime Continues to Rise (Infosecurity Magazine) Attribution and under-reporting challenges compound problems for crime-fighters, says agency

Anonymous Member Arrested in Ohio (BleepingComputer) The Federal Bureau of Investigation has arrested an Ohio man on accusations of launching DDoS attacks on websites belonging to the city of Akron.

Barclays CEO’s Penalties Over Whistleblower Saga Top $1.5 Million (Wall Street Journal) Barclays Chief Executive Jes Staley has been hit with penalties equal to roughly a quarter of his 2016 pay over his efforts to unmask a whistleblower.

Cyber Events

For a complete running list of events, please visit the event tracker on the CyberWire website.

Cyber Security Summit - CYBERWIRE95
Third Annual Cyber Investing Summit 5/15/18

Upcoming Events

Cyber Ready 2018 Cybersecurity/Intel Conference (MacDill Air Force Base, Florida, USA, May 14, 2018) Major General Mike Ennis (USMC, ret), CIA National Clandestine Service's first Deputy Director for Community Human Intelligence (HUMINT), will deliver the keynote. The conference will also feature an all-audience tabletop simulation exercise by Professor of Law Amos N. Guiora, SJ Quinney School of Law, University of Utah, and a presentation on "Challenges in Cyber Education" by Daniel Stein, DHS Branch Chief for Cybersecurity Education and Awareness.

Cyber Investing Summit (New York, New York, USA, May 15, 2018) Now in its third year, the Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry, which is predicted to exceed $1 trillion in cumulative spending on products and services over the next five years from 2017 to 2021. Panels will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. Speakers include leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. Attendees will have the opportunity to network with key influencers in the investment and cyber security industries. A cocktail reception will be held following the presentations.

Third Annual Cyber Investing Summit (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

The Cyber Security Summit: Dallas (Dallas, Texas, USA, May 15, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Digital Utilitites Europe (Amserdam, the Netherlands, May 16 - 17, 2018) The conference will bring together key industry stakeholders to address the current challenges of the digitisation in the utilities sector. Join us in Amsterdam to hear latest business case studies and gain insight into technological advancements within the industry, as well as unique strategies utilised by to meet demands of rapidly changing energy consumer/prosumer market.

SecureWorld Houston (Houston, Texas, USA, May 17, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Ignite18 (Anaheim, California, USA, May 21 - 24, 2018) Palo Alto Networks' sixth annual conference features highly technical insights based on firsthand experiences with next-generation security technologies, groundbreaking new threat research, or innovative technical best practices. Don’t miss this outstanding opportunity to share your expertise with our Ignite community of distinguished security professionals and researchers.

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 22 - 23, 2018) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in technology and systems research and development. The agenda for 2018 focuses on: innovations in software engineering, advances in data security, blockchain impact on C4I, exploiting machine learning, collaborative community resilience, IoT impact on national security, understanding information warfare, innovations in IT acquisition, and disruptive mobility technology.

3rd Annual Nuclear Industrial Control Cybersecurity and Resilience Overview (Warrington, England, UK, May 22 - 23, 2018) Now in its 3rd year, the Cyber Senate Nuclear Industrial Control Cyber Security and Resilience Conference will take place on May 22/23rd in Warrington United Kingdom. This two day executive forum will include presentations, roundtable working groups and panel sessions. Together we will address the escalating cyber risk and resilience challenges associated with the adoption and convergence of operational technologies in enterprise facing architecture. Practitioners will gain further insight into how to best respond to evolving cyber threats, the importance of effective risk management throughout the nuclear supply chain, innovations in detection and mitigation, configuration management and how can we incorporate resilience into critical control system components and business process.

PCI Security Standards Council’s Asia-Pacific Community Meeting (Tokyo, Japan, May 23 - 24, 2018) Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018 Asia-Pacific Community Meeting is the place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

North American Financial Information Summit (New York, New York, USA, May 23, 2018) Data is the most vital asset of any financial services firm. With volumes increasing exponentially, and the complexity and structure continuously changing, it is more vital than ever to keep on top of EDM strategy and analytical capabilities, while of course remaining compliant. Join us for the only conference around to challenge your current data strategy and evaluate your technology investments. Have your voice heard at interactive workshop tables, learn from peers facing the same challenges at their respective firms, listen to the experts, hear their success stories, and meet 350+ senior decision makers over 5 networking breaks - all this for only one day out of the office!

SecureWorld Atlanta (Atlanta, Georgia, USA, May 30 - 31, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

RISKSEC (New York, New York, USA, May 31, 2018) Welcome to the 2018 New York City RiskSec Conference. As SC Media approaches our 30th anniversary, we fully understand the avalanche of cybersecurity-related problems, responsibilities and aspirations you face. Like no other time before, data security is crucial to you and your corporate executives. With an avalanche of massive data breaches that compromised millions of users’ data and cost senior-level executives their jobs and the endless other types of attacks that leveraged both new and traditional techniques, 2017 seemed yet another banner year for the infosec industry. We expect this year will be just as active as our attendees will face the challenge of both the criminal element and nation states stepping up their aggressive activities. On top of these, insider threats, supply chain vulnerabilities, regulatory demands and increasing dependence on IoT, AI, cloud apps, mobile devices and still other technologies will continue to convolute your tactical and strategic cybersecurity aims.

Cyber:Secured Forum (Denver, Colorado, USA, June 4 - 6, 2018) Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively developed by SIA and PSA Security Network’s education teams and will feature top cybersecurity leaders. Additionally, sponsor exhibits will help showcase solutions related to cybersecurity, integrated systems and physical security solutions.

Campaign Cyber Defense Workshop (Boston, Massachussetts, USA, June 4, 2018) The Campaign Cyber Defense Workshop brings together experts from the region’s industry, university, and government organizations to address campaign security and effective practices for maintaining campaign integrity -- covering everything from data security to countering reputation attacks.

Gartner Security and Risk Management Summit 2018 (National Harbor, Maryland, USA, June 4 - 7, 2018) Prepare to meet the pace and scale of today’s digital business at Gartner Security & Risk Management Summit 2018. Transform your cybersecurity, risk management and compliance strategies and build resilience across the enterprise through leading-edge research and thinking on key topics such as agile architectures, BCM, cloud security, privacy and securing Internet of Things (IoT).

New York State Cybersecurity Conference (Albany, New York, USA, June 5 - 7, 2018) June 2018 marks the 21st annual New York State Cyber Security Conference and 13th Annual Symposium on Information Assurance (ASIA). Hosted by the New York State Office of Information Technology Services, in partnership with the University at Albany's School of Business, and The New York State Forum, Inc., the conference is part of a statewide effort to boost cyber security awareness and empower state and local governments, academia, organizations and citizens to take better control of their digital security.

The Cyber Security Summit: Boston (Boston, Massachusetts, USA, June 5, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

SecureWorld Chicago (Chicago, Illinois, USA, June 5, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

NSA 2018 Enterprise Discovery Conference (Ft. Meade, Maryland, USA, June 5 - 6, 2018) Hosted by the National Security Agency and the Federal Business Council (FBC). The EDC is the largest event held at NSA with over 1500 attendees from around the world. EDC provides a collaborative learning experience for professionals in the SIGINT Development field across the U.S. Intelligence Community and the other 5-Eyes partner nations: Australian Signals Directorate (ASD), Communications Security Establishment, Canada (CSE), Government Communications Headquarters, Great Britain (GCHQ), and Government Communications Security Bureau, New Zealand (GCSB).

Cyber//2018 (Columbia, Maryland, USA, June 6, 2018) Cyber touches all aspects of our life from the myriad of devices we have brought into our homes to those we employ on the job to increase and improve our productivity. Please join us for our 9th annual cyber conference, where we tackle some of the most relevant topics surrounding operating within the cyber landscape.

TU-Automotive Cybersecurity (Novi, MIchigan, USA, June 6 - July 7, 2018) Co-located with the world's largest automotive technology conference & exhibition. The conference unites players from research labs, automakers, tier 1’s, security researchers, and the complete supply chain to plan for the imminent future.

SINET Innovation Summit 2018 (New York, New York, USA, June 7, 2018) Connecting Wall Street, Silicon Valley and the Beltway. SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.

Transport Security and Safety Expo (Washington, DC, USA, June 11 - 12, 2018) Security incidents are expected to cost the world $6 trillion annually by 2021, making now the time to find out more at the 2018 Transport Security and Safety Expo. The transportation industry is rapidly digitizing, leading to greater risks and potential impacts from cyber and physical events. Understanding how to better safeguard operations and protect critical networks and infrastructure from damage is paramount, and opportunities like TSSX18 that bring the industry together for training and solutions are welcomed by SANS.

Transport Security & Safety Expo (Washington, DC, USA, June 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.

THE CYBERWIRE
Compiled and published by the CyberWire editorial staff. Views and assertions in linked articles are those of the authors, not the CyberWire.
The CyberWire is published by Pratt Street Media and its community partners. We invite the support of other organizations with a shared commitment to keeping this informative service free and available to organizations and individuals across the globe.