Daily briefing.

Iranian hackers continue their DDoS campaign against US banks: BB&T is the latest victim. MiniFlame, apparently a Western espionage tool (InformationWeek thinks it's a US "cyberweapon") was discovered by accident during an investigation of a Flame command-and-control server, which leads observers to wonder how much other espionage malware is out there. (Flame watches Middle Eastern targets, they observe. What's watching North Korea?)

Rapid7 discovers a zero-day information disclosure vulnerability in Novell ZENworks. Microsoft finds Nitol botnet code on Chinese free malware sites. Researchers demonstrate that pacemakers can be hacked to deliver lethal shocks, and analysts agree that the state of medical device security is "not encouraging."

Adobe and Apple both issue security upgrades.

Gartner predicts that Big Data will drive $232B in IT spending through 2016. Cyber Security Hall of Famer Whitfield Diffie offers the contrarian opinion that a degree of crime is good for the Internet. (He also likens security to reliability: neither is likely to be built in from the bottom up.)

Recent official concern over cyber security should make stock markets bullish on cyber equities, but instead a soft European market and US budget uncertainty have dragged share prices lower. The White House appears to have cleared Huawei of espionage, but concerns about that company and ZTE persist.

Canada's Harper government announces plans to double cyber security spending. Northrop Grumman opens a cyber range in Australia. Australia considers mandating breach disclosure. The Netherlands debates new cyber crime legislation. Volokh Conspiracy blawgers wrap up their discussion of active defense.

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, China, Georgia, Germany, Greece, India, Iran, Japan, Lebanon, Netherlands, North Korea, Palestinian Territories, Qatar, Russia, Saudi Arabia, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Iran Renews Internet Attacks On U.S. Banks (Wall Street Journal) Iranian hackers renewed a campaign of cyberattacks against U.S. banks this week, targeting Capital One Financial Corp. and BB&T Corp. and openly defying U.S. warnings to halt, U.S. officials and others involved in the investigation into the attacks said

7 MiniFlame Facts: How Much Espionage Malware Lurks? (InformationWeek) Just how much cyber-espionage malware is currently at large, and who does it target? Kaspersky Lab Monday revealed that in September 2012, its researchers discovered that a mysterious piece of code connected to the Flame malware, which they

Information Disclosure Zero-Day Discovered in Novell ZENworks (Threatpost) A zero-day vulnerability in Novell ZENworks Asset Management Software 7.5 gives access to any files with system privileges and could also allow an attacker to grab configuration parameters, including the backend credentials in clear text, according to Rapid7 exploit developer Juan Vazquez who discovered the vulnerability and wrote an exploit module for Metasploit

Nitol Botnet Shares Code with Other China-Based DDoS Malware (Threatpost) Microsoft has learned that much of the code used by the Nitol malware family is copied from free malware resources hosted on Chinese websites. Microsoft posted portions of the code online this week where similar lines used for denial of service attack functionality are present in Nitol and on the sites in question

Hacked Pacemakers Could Send Deadly Shocks (TechCrunch) The next frontier of computer hacking could be lifesaving medical devices: at a recent developer conference, a pacemaker was wirelessly hacked to send deadly 830 volt shocks

Medical Device Security in Need of Major Upgrade (Threatpost) Security researchers and hackers have spent the last 20 years or so tearing apart all manner of software and hardware, looking for vulnerabilities, attack vectors and bugs, and the advent of embedded and implantable devices has now drawn their attention to this new class of targets. Medical devices, both implantable and external, have become the subjects of quite a lot of research lately, and the results are not encouraging

Could Hackers Change Our Election Results? (Dark Reading) Many of the same vulnerabilities exist in electronic voting systems as the last time we elected a president, and new ones abound that could put voter databases at risk and undermine civic confidence

O2 drops Ericsson after outage (ComputerWeekly) O2 has blamed software provided by Ericsson for the outages its network suffered both last week and in July.

Security Patches, Mitigations, and Software Updates

Adobe Extends Security of Reader and Acrobat With Better Sandbox, Force ASLR (Threatpost) Adobe has upgraded the security capabilities of both Reader and Acrobat with new releases this week, extending the functionality of the sandbox and adding a feature that forces all of the DLLs loaded by the applications to use ASLR, regardless of whether they originally were compiled with ASLR enabled

Apple gets aggressive - latest OS X Java security update rips out browser support (Naked Security) Oracle patches Java, then Apple issues its own updates. You can never be quite sure how long that's going to take. This month, it all happened pretty quickly - and Apple took the opportunity to kick Java out of your browser at the same time

Apple resumes User Tracking with iOS 6. Here's how to disable it (Naked Security) Apple was eager to promote the many new features in iOS6, but avoided mention of one: IFA - or identifier for advertisers - the company's newest device tracking technology

Cyber Trends

Akamai Releases Second Quarter 2012 'State Of The Internet' Report (Dark Reading) Akamai observed attack traffic from 188 unique countries/regions during the second quarter of 2012

Big Data To Drive $232 Billion In IT Spending Through 2016 (TechCrunch) Big data will drive $232 billion in spending through 2016. It will directly or indirectly drive $96 billion of worldwide IT spending in 2012, and is forecast to drive $120 billion of IT spending in 2013

Don't secure the internet, it needs crime: Diffie (ZDNet) While many people see securing the internet as a means to stopping cybercrime, former vice president for information security and cryptography at the Internet Corporation for Assigned Names and Numbers (ICANN) Whitfield Diffie thinks that internet

Sick crazies on the web: boringly nice people don't become infamous trolls (Telegraph) "I'm a boringly nice person IRL." That three letter abbreviation, which stands for "in real life", is the cause of a lot of internet problems. It establishes a distinction between the Wild West of the web and the real world with its real laws and real consequences

Marketplace

IT Pay Raises to Be Almost Twice National Average (ERE) Salaries for tech workers in the U.S. will rise almost twice the national average in 2013 — some will increase even more, up to 12 percent — a symptom of how competitive the competition for talent has become

Insecurity at Internet Security Firms (CHKP, FTNT, FIRE, PANW, IBM, INTC) (24/7 Wall Street) Internet security providers Check Point Software Technologies Ltd. (NASDAQ: CHKP) and Fortinet Inc. (NASDAQ: FTNT) both reported weaker than expected results for the third quarter and both lowered fourth quarter forecasts. Another competitor, Sourcefire Inc. (NASDAQ: FIRE) is falling just as far and just as fast in sympathy

The Warships of Silicon Valley (Wired Business) The giants of the technology world (Google, Amazon, Apple, Facebook, and Microsoft) are locked in a host of epic struggles

Canada To Beef Up Its Cyber Defenses (Wall Street Journal) Canada said it will more than double spending on defense against cyberattacks, amid heightened global worries over cyber warfare

Northrop Grumman to Build Cyber Test Range in Australia (Sacramento Bee) Range will help Australian military develop, test and evaluate integrated cyber technologies

Former Defense Official Calls Congressional Paralysis A Threat (GovExec.com) In an event at The George Washington University's Elliott School of International Affairs, Michele Flournoy, the undersecretary of Defense for policy from 2009 to 2012, said that Congress' inability to pass a budget and set long term policy goals was detrimental to the government, especially in an incredibly complex and dynamic security environment worldwide

Web content management diminishing in importance, says GSA official (Fierce Government IT) The White House's digital government strategy directs agencies to streamline their backend web content management systems and create application programming interfaces, or APIs, for their content. But crafting APIs is far more important than focusing on web platforms, said Gray Brooks, API strategist at the General Services Administration's digital services innovation center

IC runs apps acquisition pilot (Fierce Government IT) The intelligence community is running an acquisition pilot under which qualified apps or widget developers can submit their code to a marketplace and be paid a nominal fee--but if the application's uptake is significant, be paid what it would have cost the federal government to otherwise purchase it, said Dawn Meyerriecks, assistant director of national intelligence for acquisition, technology and facilities

Google's CIO Dilemma (InformationWeek) CIOs are torn between wanting to back a company that represents the future and needing predictability. Google execs must now ask CIOs the right questions--and be prepared for stubborn answers

Enterprise Hunger For Custom Apps Equals Developer Jobs (InformationWeek) IT job hunters, it's a good time to be an application developer. Thanks in part to BYOD, the demand for custom enterprise apps is booming

What Huawei, ZTE Must Do To Regain Trust (InformationWeek) The U.S. is not the only country scrutinizing the security of Chinese-made telecom equipment from Huawei and ZTE. Without major changes, significant contracts are at risk

SAIC Awarded $18 Million Task Order By Defense Information Systems (Stockhouse) Under the contract, SAIC will provide strategic C3 system engineering and technical ... the intelligence community, the US Department of Homeland Security

CACI Awarded Prime Contract on $7 Billion Multiple-Award Program to Support U.S. Army Communications-Electronics Command (MarketWatch) New Work Will Upgrade Software Used In-Theatre and in Business and Enterprise Areas

NJVC Realigns, Promotes Programs Lead Michael Carr to CTO (Govconwire) NJVC has promoted Michael Carr, formerly acting chief technology officer and senior vice president of programs, to the CTO position on a permanent basis, the company announced Wednesday

QinetiQ Names TASC, GDIT Vet Bruce Feldman National Systems SVP (Govconwire) Qinetiq North America has appointed Bruce Feldman senior vice president for the national systems sector within the mission and information solutions operating unit, the company announced Monday. He will manage service delivery and technology development for contracts with both intelligence and defense customers

Google opens data center Kimono: Why cloud players will follow (ZDNet) Google and Facebook are opening up about their data centers. Why? It's the best asset to earn trust as a steward of your data. Web giants are throwing the doors open to their data centers in a move that would look bizarre in most industries. This go round it's Google, which is showing off its Lenoir, NC data center

Products, Services, and Solutions

Product Watch: New Fortinet Tools Help Enforce Policy By Device, Reputation (Dark Reading) FortiOS 5.0 enables enterprises to restrict user access based on behavior, device ownership

Android APK 4.2 teardown shows Google getting serious about security (Ars Technica) New features might include VPN lockdown, SELinux, and SMS confirmation

Ubuntu 12.10 "Quantal Quetzal" takes flight with a bag full of Juju (Ars Technica) Ubuntu kicks off a new two-year cycle with fancy enterprise features

IBM claims first with Hadoop data security suite (The Register) IBM is launching what it claims is the first data security system for Hadoop, as part of its biggest product rollout of security software and services yet seen from the company. Big Blue's not the highest profile security firm, but it has been buying in a lot of talent over the last three years and last year grouped staff and resources around a dedicated security unit. That team has now released a raft of new and updated products as part of a drive to make the company something for everything, from the datacenter to the mobile

McAfee Launches New Data Center Security Suites (Dark Reading) Suites offer combination of whitelisting, blacklisting, and virtualization technologies for protecting servers and virtual desktops

Secure64 Releases Enhanced Version Of DNS Management Software (Dark Reading) New capabilities unify management of entire Secure64 DNS product suite from a single application

Seagate unveils three new enterprise-class HDDs (Help Net Security) Seagate announced three new enterprise-class hard disk drives optimized for traditional data centers and emerging cloud infrastructures. Perfect for cloud bulk data storage, the Seagate Enterprise

Cloud-based document security from SealPath (Help Net Security) SealPath launched its cloud-based software solution for Professionals and Enterprise users. Using SealPath technology, documents containing sensitive business information are encrypted before they are

Cloud security application uses electronic fingerprint (Help Net Security) Intrinsic-ID launched Saturnus, an application that allows users to protect data with their mobile devices before sending it to the cloud. It is the first application that offers security based on the

Cisco and Citrix partner on networking and cloud (Help Net Security) Cisco and Citrix announced an expansion of their desktop virtualization partnership into three strategic areas: cloud networking, cloud orchestration, and mobile workstyles

Mandiant unveils cloud-based network monitoring service (Help Net Security) Mandiant announced Mandiant Cloud Alert, a subscription-based service which requires no hardware or software installation. It helps organizations pinpoint compromise in their network environments

Thales Intros World's Fastest Elliptic Curve HSMs (Dark Reading) "As the use of cryptography becomes a mainstream approach to protecting critical systems and valuable data, there is a requirement for algorithms that address the needs of important new markets. The rise of the smartphone and the emergence of

Adobe Reader and Acrobat get another layer of security (Ars Technica) Adobe announced new security features this week for its Reader and Acrobat XI products, including enhanced sandboxing, Force ASLR, PDF whitelisting, and Elliptic Curve Cryptography. In addition to a number of new features enhancing Reader's and

Facebook Just Launched Its Next Billion-Dollar Business (Business Insider) For months, Facebook has been testing a new kind of ad on mobile devices--ads for other apps. Now it's officially launched the app-ad program to all developers

Malicious links: Facebook reinforces their service via third parties (Generation NT) These are Avast!, AVG, Avira, Kaspersky Lab, Panda Security, Total Defense and Webroot. From the AV Marketplace, users can download an antimalware

Microsoft says Surface screen outperforms iPad Retina display (Apple Insider) By Neil Hughes. Even though Microsoft's new Surface has a lower resolution screen than the Retina display on the new iPad, one Microsoft engineer has argued that the Surface offers superior

Windows 8 leaves users 'dazed and confused' (BGR) Windows 8 Resistance. There's no doubt about it that Microsoft's (MSFT) upcoming Windows 8 is a huge upgrade. Gone is the Start menu and in its place is a Windows Phone-inspired Start screen populated with flat and colorful tiles for launching applications

Cisco Takes On VMware With OpenStack Cloud Tools (InformationWeek) Cisco Edition of OpenStack aims to simplify private cloud deployments and offers an open-source alternative to VMware's cloud software

SAP Launches Cloud Platform Built On Hana (InformationWeek) SAP's in-memory technology is the differentiator for application services and database services that will take on Oracle and Salesforce.com in the cloud

Technologies, Techniques, and Standards

Cyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005 (Internet Storm Center) A word that I'm hearing a lot these days from clients is "Risk". And yes, it has a capital R. Every time. Folks tend to think of any risk as unacceptable to the business. Every change control form now-a-days has a Risk Assessment and Risk Remediation sections, and any issue that crops up that wasn't anticipated now becomes a process failure that needs to be addressed

Electric Sector Security Metrics Motherload (Smart Grid Security) Not all are technical metrics, nor are they all technically, metrics. But in the space of just a few months this summer, North American electric utility executives and their security leadership have seen a spate of new guidance documents published that intend to help them manage, monitor, and measure the effectiveness of their cyber risk mitigation strategies and controls. Where once there was just the cross-sector ISO 27000 series to steer your security course by (or for Federal folks, FISMA), there are suddenly a near handful of freshly minted how-to manuals at their disposal

How to comply with updated NIST incident response guidelines (TechTarget) "Incident Handling Guide (SP 800-61) [PDF]. This third revision offers guidance on issues that have arisen since the last release in March 2008 with an emphasis on addressing new technologies and attack vectors, changing the prioritization criteria for incident response and facilitating information sharing. In this tip, we examine these major changes and discuss how to integrate them into a security and compliance program

Ask The Experts: Favorite Security Tools (infosec island) I'm in the risk management area of information security; I don't know enough about technical information security tools to give an informed opinion about them. However, my favorite information security tool is the Consensus Audit Group's Twenty Critical Security Controls for Effective Cyber Defense (which is very similar to MicroSolved's own 80/20 Rule of Information Security). The CAG as I call it gives me as a risk manager clearer, more proactive, and detailed information security guidance than any of the other standards such as the ISO or NIST

Time to rethink network management (Help Net Security) The acceleration in data speeds and volumes in telecom networks is increasing the need for real-time network management solutions, according to Napatech. Network probes have been identified

The Secure Operating System Equation (Dark Reading) Many experts like the idea of a purpose-built, secure operating system. It's just that adopting one is not so straightforward, even if it's specifically for security-strapped SCADA systems. Hardened, secure operating systems for sensitive computing environments are nothing new. Trustix, SELinux, Sidewinder SecureOS, and Green Hills Integrity are among many secure OSes, some that have survived for niche environments and others that have faded into obscurity

How One Midsize Bank Protects Against Hacks (InformationWeek) In light of ongoing hacktivist attacks on major banks, Lake Trust Credit Union information security pro shares insights on how a smaller bank stays secure without too-big-to-fail resources

Design and Innovation

FireEye Earns JPMorgan Chase Hall of Innovation Award (Equities.com) FireEye, Inc., the leader in stopping advanced cyber attacks, today announced that it was inducted into the JPMorgan Chase Hall of Innovation. FireEye received the award for helping protect JPMorgan Chase

Research and Development

Duncan Watts: From Sociology to Social Network (IEEE Spectrum) Everything changed for an Ivy League professor when he reinvestigated the "six degrees of separation"

What's Wrong With Common Sense (IEEE Spectrum) A "Techwise Conversation" with social network theorist Duncan Watts

Academia

UIT promotes cybersecurity on campus this month (Tufts Daily) In light of increased global awareness about the importance of password security on smartphones and tablets, UIT has declared mobile passwords its focus for the Department of Homeland Security's National Cyber Security Awareness month. Theft of cell

UMBC to launch Cyber Scholars program with $1M Northrop Grumman gift (Bizjournals.com) University of Maryland, Baltimore County is creating a "Cyber Scholars" program with a $1 million grant from the Northrop Grumman Foundation. Beginning in 2013, the program will award scholarships, internships and opportunities for advanced research to

UW Tacoma forging jobs, training links in cyber security (Business Examiner) Cyber security is an industry ripe for growth in the South Sound – and one with zero current unemployment here, according to the University of Washington Center for Information Assurance and Cyber Security. Thus, the UW Tacoma campus is combining its

The FBI's "Cyber Surf Island" game aims to promote internet safety amongst students (Naked Security) Do you remember Dewey the Turtle? The US Federal Trade Commission's online safety mascot? Of course you don't. Nobody does. He dropped on the scene in 2002 to tell us all to watch out for spam and viruses, then tucked inside his shell in 2005, never to be heard from again

Lockheed Martin and Tech Council of Maryland Host Maryland High Schools (Sacramento Bee) "As a hub of America's intelligence and cyber security sectors, Maryland has the capacity to kick start our regional and national economies with quality jobs that keep us safer and more secure," said Sen. Cardin. "I applaud Lockheed Martin for the

Legislation, Policy, and Regulation

Australia Might Introduce Mandatory Data Breach Notification Laws (Softpedia) Who should be notified in case of a data breach? Customers, authorities or both? That's one of the questions Australian authorities are hoping to answer before issuing new data breach notification laws

Dutch Govt Expresses Intent To Draft New Cybercrime Legislation (infosec island) On October 15th 2012, the Dutch Minister of Security & Justice (Ivo Opstelten) sent this letter (.pdf in Dutch) to the Dutch parliament expressing intentions to draft new cybercrime legislation in the Netherlands. Below is my Dutch-to-English translation of the entire letter

India Cyber Security: Need For More Robust Approach - Analysis (Eurasia Review) Even as cyber wars have become a reality across the globe, India's security czars have issued a report on Recommendations of the Joint Working Group (JWG) on Engagement with Private Sector on Cyber Security. The pork barreled Report which appears to be designed to benefit the large Information Technology sector in the country has a narrow focus that of convergence in public and private sector on cyber security. The motive is laudable yet the proposals appear to be too infirm to facilitate development of capabilities in meeting the challenges in the cyber domain in real time

Sen. Rockefeller asks Fortune 500 CEOs for cybersecurity best practices (Homeland Security Newswire) Last month, Senator Jay Rockefeller (D-West Virginia) sent a letter to the CEOs of Fortune 500 companies asking them what cybersecurity practices they have adopted, how these practices were adopted, who developed them, and when they were developed. Many saw Rockefeller's letter as an admission that the Obama administration does not have a basis for trying to impose cybersecurity practices on the private sector through the Cybersecurity Act of 2012. When the act failed to get through the house in early August, the Obama administration said it would consider an executive order to mandate the main clauses in the stalled act, but this has not happened yet

Measured Response to a Limited Threat (New York Times) Federal regulation will only crowd out innovation. The fact is that there is no evidence that anyone has ever died as a result of a cyber attack. And the evidence of cyber attacks causing physical destruction are limited to very subtle and targeted

The Cybersecurity debate (FederalNewsRadio.com) The nation's critical infrastructure needs to be improved to ward off a potential catastrophic cyber attack but the Cybersecurity Act of 2012 is stalled in Congress. What are the President's next steps and how much will this cost? Financial Analyst

Holes in US cyber security (Los Angeles Times) Any business that complied with these practices would have been immune to punitive damages if customers sued them in the event of a successful cyber attack, which is a sensible incentive to participate. Business groups are backing a bipartisan House

Wheeler: ITAR typically no barrier to releasing government open source code (Fierce Government IT) Export control regulations shouldn't necessarily be an obstacle to the release of unclassified government open source code, said David Wheeler, a research staff member of the Institute for Defense Analyses. He spoke Oct. 15 during the Mil-OSS WG4 conference in Arlington

Litigation, Investigation, and Law Enforcement

Twitter Uses Country-Specific Blocking Powers For The First Time To Restrict Neo-Nazi Account In Germany (TechCrunch) Twitter has used country-by-country blocking powers for the first time to restrict access to a neo-Nazi Twitter account in Germany at the request of local authorities. The move was spotted by the FT, which also flagged up two tweets from Twitter's general counsel, Alex Macgillivray confirming both the request to close the account and the fact that Twitter had acted on the request

Chinese cyber-criminals caught laundering $48 mln through online games (Cyberwarzone) In China's largest ever cybercrime bust, the authorities have nabbed a gang suspected of defrauding small-business owners of around 300 million (about $48 million)…The cyber-criminals contacted their victims through Chinese instant-messaging service QQ, where they offered naive users a link to a deal they couldn't refuse

Cyber crime can strangle your business, not just your IT (Cyberwarzone) A conference on the rising threat of cyber attacks emphasised the need for businesses to do more than merely comply with rules. At RSA's Europe conference 2012 in London last week, the information security sector made a case for appropriating the old line about not knowing which 50 per cent of spending is wasted. In keynotes and executive briefings, RSA executives kept returning to the theme that too many businesses invest in the wrong areas of security. For some, dealing with the issue has simply become a box-ticking exercise that owes more to regulatory compliance than addressing actual threats

Apple Vs Samsung: U.K. Appeal Court Upholds 'Galaxy Tab Not Cool Enough To Copy iPad' Ruling (TechCrunch) Apple has lost an appeal against a ruling in a U.K. High Court that Samsung's Galaxy Tab does not infringe the iPad's design. The original ruling by Judge Colin Birss said Samsung's tablets were not cool enough to be confused with Apple's because they lacked the "extreme simplicity" of the iPad. That ruling has now been upheld by the Court of Appeal

The Big Chill: How Obama Is Operating in Unprecedented Secrecy (Huffington Post) Prosecutors had filed 10 felony charges against Thomas Drake, a National Security Agency (NSA) whistleblower who allegedly provided classified information about mismanagement at the NSA to a Baltimore Sun reporter. But days before the trial was to

Obama Pursuing Leakers Sends Warning to Whistle-Blowers (Businessweek) "They want to destroy you personally," said Thomas Drake, a senior National Security Agency employee prosecuted in 2010 by Obama's Justice Department under the Espionage Act. The message to government workers seeking to expose waste, fraud and

White House Review Finds No Evidence Of Spying By Huawei: Sources (Reuters) A White House-ordered review of security risks posed by suppliers to U.S. telecommunications companies found no clear evidence that Huawei Technologies Ltd had spied for China, two people familiar with the probe told Reuters

The Legality of Counterhacking: Baker's Last Post (Volokh Conspiracy) Now the debate with Orin is actually getting somewhere. Sort of. Here's a scorecard: 1. Does authorization depend exclusively on ownership? Orin's latest post does a good job of showing that the CFAA often draws a coherent distinction between rights in data and rights in a computer, and that rights in the computer are the statute's principal focus. I don't disagree

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Anatomy of an Attack (New York, New York, November 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.

ZeroNights (Moscow, Russia, November 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense...

Passwords^12 (, January 1, 1970) Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO...

BayThreat (Sunnyvale, California, December 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.

25th Annual FIRST Conference (Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
