skip navigation

More signal. Less noise.

Daily briefing.

The US Federal Reserve still has little to say about the attack it sustained over the weekend. ZDNet reports that the attackers gained access to the St. Louis Fed's Emergency Communications System, and it quotes a security specialist familiar with the system who charges that, contrary to Fed denials, the data exposed are "absolutely rife with account details." CSO says that the Fed is, at the very least, off-message in resisting attack disclosure.

A new exploit kit, "Whitehole," is out on the black market. It packages five Java Runtime Environment exploits. D-Link routers are alleged to suffer from plaintext credential and unauthenticated OS command injection vulnerabilities. A new mobile phone number harvester is implicated in SMS spam.

In what we may read as a sign of the financial sector's security success against advanced threats, banking malware appears to be trending back to older, relatively primitive phishing techniques.

China's Xinhua news agency reacts to international suspicion of Chinese activities in cyberspace by claiming, plausibly but ultimately unpersuasively, that, hey, we're the real victims here.

PostureSQL fixes a vulnerability to denial-of-service attacks. Adobe patches Flash to close a hole that's being exploited in the wild. Microsoft previews patch Tuesday, announcing it will close fifty-seven vulnerabilities.

CSO offers breezy reviews of leading security companies with quick thumbs-up-or-down profiles. CSC reveals more of its M&A strategy: the firm intends to beef up its cyber and big data capabilities through acquisition.

Dark Reading discerns a cloud-driven security trend: identity access management is replacing perimeter security.

Notes.

Today's issue includes events affecting Belarus, China, European Union, Finland, Germany, Iran, Ireland, United Kingdom, United States..

Cyber Attacks, Threats, and Vulnerabilities

Anger rises as Fed confirms Anonymous hack, downplays US bank emergency system breach (ZDNet) The Federal Reserve has confirmed Sunday's Anonymous hack; ZDNet has learned the exposed information is from thousands of Fed emergency system bank contacts. After Anonymous posted sensitive credentials of over 4,600 banking executives to a government Web site on Super Bowl Sunday, the Federal Reserve acknowledged the attack in a Tuesday morning statement to affected individuals and press

Fed stays secretive after Anonymous hack (CSO) Security experts ask if government won't share information, why should the private sector? U.S. government officials, from President Obama to the ranks of Congress, regularly claim they want voluntary, substantive sharing between the public and private sectors on cyberattacks, vulnerabilities and breaches. Given that, the Federal Reserve is not on message following a Super Bowl Sunday hack. The Fed acknowledged this week only what it had to -- that one of its websites had been breached on Super Bowl Sunday by a group calling itself OpLastResort, which is tied to the hacktivist collective Anonymous

Whitehole exploit kit in the spotlight (Help Net Security) The effectiveness of exploit kits has made them malware peddlers' preferred way of distributing their malicious wares. The Blackhole exploit kit is, by far, the most most used one, and has pretty much cornered the market at the moment, but there are other kits out there looking to challenge its supremacy. Among them is a new exploit kit that has been dubbed "Whitehole" by researchers for the simple reason of differentiating it from Blackhole. Whitehole employs exploits for five Java Runtime Environment vulnerabilities, and among them is also the recently patched zero-day (CVE-2013-0422) that has ben wreaking havoc last month, and exploits for which have been added both to the Blackhole and Cool exploit kit

Researcher Warns of D-Link Router Vulnerabilities (Threatpost) A combination of vulnerabilities in D-Link's DIR-300 and DIR-600 routers could allow an attacker to inject arbitrary shell commands and ultimately compromise the device, according to German security researcher Michael Messner who publicly disclosed the flaw on his personal blog Monday

Mobile Phone Number Harvester Fuels SMS Spam (Threatpost) The latest version of a phone number harvesting tool offers its users the ability to trawl the public web and collect mobile phone numbers indexed on sites that ask visitors for them, according to a Webroot report

Banking malware goes back to basics (IT World) Financial malware authors are trying to evade new online banking security systems by returning to more traditional phishing-like credential stealing techniques, according to researchers from security firm Trusteer

Digital certificates and malware: a dangerous mix (Help Net Security) In the past few days we have heard several stories about major corporations getting hacked and their security systems completely bypassed. If anything, that should remind us of how vulnerable our data

Fake Amazon Kindle receipt leads to persistent malware (Help Net Security) Amazon customers buying e-books for their Kindle or other mobile devices should be careful with emails that seemingly containing receipts for their purchases, warns Webroot, as malware peddlers have

Facebook breaks the internet (Sydney Morning Herald) Facebook briefly broke parts of the internet on Friday with users unable to access websites. It appears the Facebook plugins found on thousands of web pages, which allow people to share or recommend articles, for example, were faulty. Those visiting websites including Fairfax news sites, BuzzFeed, The Huffington Post, The Washington Post, CNN and more were instead directed to a Facebook error page with a message saying "An error occurred

Ad network site hack results in popular sites flagged as malicious (Help Net Security) Google Chrome users trying to visit a slew of popular news sites such as the New York Times, the Washington Post, ZDNet and the Huffington Post on Monday were faced with pop-ups warning them that doing

Business is booming for exploits, mobile malware (Help Net Security) Business is thriving for exploits, mobile malware is still dominated by Android and Symbian, and botnets are back and retooled, according to a new threat report from F-Secure Labs

None of the 100 largest e-commerce sites have fully implemented DNSSEC (Help Net Security) The biggest brands in e-commerce are overlooking a critical security technology that could reduce the risk of identify theft and credit card fraud. An analysis of the 100 largest e-commerce compani

China threatened by overseas hackers (Xinhuanet) Recently foreign media have been hyping up "cyber attack from China" and the talk of a "Chinese hacking threat" is in the air. But it turns out that China is actually the real victim of cyber attacks, Xinhua reported, citing statistics from the National Computer Network Emergency Response Coordination Center of China (CNCERT/CC). The number of Internet users on the Chinese mainland keeps rising sharply, but Chinese users dont take net safety protection as seriously as do most western users

The Ultimate Invasion of Privacy (Slate) How a Chinese hacker used my private nickname, personal emails, and sensitive documents to try to blackmail me. In 2007, I opened an email from an unknown sender. The message greeted me by a nickname known only to family and close friends. I was in Shanghai, unwinding late at night after a long day, pleased to be contacted by someone familiar from across the Pacific. I figured someone close to me must have gotten a new email address. But the note was signed "Eric." I did not know an Eric

6 Reasons Hackers Would Want Energy Department Data (InformationWeek) In Department of Energy breach, what was driving attackers to steal employee data? Stuxnet revenge is one theory

George Bush's family emails hacked (Guardian) Investigation launched into how Guccifer posted photos and personal emails of ex-US president George HW Bush online. An investigation has been launched into how a hacker managed to access the email accounts of the former US president George HW Bush and members of his family

Iran Shows Video It Says Was Made By U.S. Drone (New York Times) In what Iran is calling a new demonstration of its military advances, state television has broadcast clips from what was described as encrypted video footage extracted from the camera of an unarmed American surveillance drone, which was seized in Iranian territory in December 2011

Security Patches, Mitigations, and Software Updates

PostgreSQL Patches DOS Vulnerability, Other Security Issues (Threatpost) PostgreSQL, a database management system for Linux, FreeBSD and other platforms patched a hole today that could have opened the system up to a denial-of-service (DOS) vulnerability in addition to a slew of other security flaws

Adobe patches Flash - heads off in-the-wild attacks against Windows and Apple users (Naked Security) It's not Tuesday…Nevertheless, Adobe's Flash Player has been upgraded to patch against two in-the-wild exploits against Windows and Apple users

Microsoft to patch 57 vulnerabilities (Help Net Security) The February 2013 Microsoft Patch Tuesday bulletin was released with 12 advisories and is bigger than average, which means security and IT teams will be busier than average. It's both good and bad new

Cyber Trends

Bots, Zeus, Web Exploits: the Most Potent Threats of 2012 (Threatpost) Every year it seems that security-related news advances further from its roots in national security circles, IT departments, and the antivirus industry into the mainstream consciousness. From July to the end of year was no exception. However, despite a handful of flashy security stories, F-Secure claims that the second half of 2012 was really about things that rarely (if ever) come up in local and national news: botnets, ZeroAccess in particular, Java and other Web exploits, and the ubiquitous Zeus banking Trojan.

Defense Secretary Panetta warns next Pearl Harbor could be cyber attack (Gant Daily) Defense Secretary Leon Panetta repeated his warning that the next Pearl Harbor could be a cyber attack after a speech at Georgetown University Wednesday. Answering a question from a student if cyber warfare will be a viable and important part of future U.S. defense policy during the question-and-answer session, Panetta replied, "I believe it, that it is very possible the next Pearl Harbor could be a cyber attack; that you could, in fact, cripple our, as I said, our power grid system, our government systems, our financial systems with a cyber attack, and it would have one hell of an impact on the United States of America. That is something we have to worry about and protect against"

BYOD is increasing IT frustration and loss of control (Help Net Security) IT is concerned about rising mobility costs and feeling frustration and loss of control over BYOD, according to iPass and MobileIron. The majority of survey respondents (57 percent) thought their mobile

Zero Day (Canny Outlaw) In recent years, the world of espionage has changed so much even James Bond has had to adapt. Anthony takes us deep inside a world most of us know almost nothing about — cyber espionage — to give us a detailed and dramatic account of the darker side of the internet

The privacy cliff and how not to fall off it (Help Net Security) We are all hearing the phrase "fiscal cliff" considerably more times than is useful. So far, however, nobody's mentioned a "privacy cliff." They should: it's a very big deal

Marketplace

Security Wisdom Watch: Broken tools edition (CSO Salted Hash) Every security tool fails once in a while. What's important is how the vendor responds. Show me a piece of security technology, tell me it's bullet-proof and I'll call you a liar. No matter how good the product, glitches happen. So it's sad when vendors try to downplay it. Recent incidents have me thinking about how vendors have responded to bad news in the past. My conclusion: The most important measurement is how well or poorly they communicate with the customer

US Spy Chief Warns Cuts Will Hurt Morale (Agence France-Presse) Clapper, America's director of national intelligence, voiced grave concern over plans to impose a furlough on all Defense Department civilian employees if drastic automatic budget cuts enter into force next month

NTIA announces FirstNet state planning grant requirements (FierceGovernmentIT) The National Telecommunications and Information Administration announced Feb. 6 state allocations of $121.5 million in federal grant money to be used for planning the nationwide public safety broadband network

7 Moves Dell Must Make Now (InformationWeek) Dell's decision to go private was a bold step, but the company must continue making aggressive decisions to succeed

Mike Lawrie: CSC Pushing For Cloud, Cyber, Big Data Business Mix (Govconwire) Computer Sciences Corp. (NYSE: CSC) is increasing its investments in target areas of cloud computing, cybersecurityMeasures taken to protect a computer or computer system against unauthorized access or attack. and big data to pursue growth, CEO Mike Lawrie said Tuesday. According to the Washington Business Journal, Lawrie said during an earnings call with investors that

Northrop Promotes Michael Hardesty To Corporate VP, Chief Accountant (Govconwire) Northrop Grumman's (NYSE: NOC) board of directors has promoted Michael Hardesty, a former vice president of business management, to serve as corporate vice president, controller and chief accounting officer. His promotion is effective immediately and he succeeds Kenneth Bedingfield, who is now VP of business management and chief financial officer in the aerospace systems sector

Intelligent Decisions Names Mark Garrett Defense Business Development Head (Govconwire) Intelligent Decisions has appointed 15-year public sector sales veteran Mark Garrett director of business development for the company's Defense Department portfolio. Garrett will be responsible for pursuing new business opportunities within the uniform service and defense intelligence agencies and also manage the company's existing relationships, the company said. Harry Martin, president and CEO, said the

BAE Names Dave Herr Service Sectors EVP (Govconwire) BAE Systems' U.S. subsidiary has appointed Dave Herr, president of the support solutions sector, to serve as executive vice president of the service sectors, effective immediately. Herr will lead the support solutions sector until the company names a successor, BAE said Thursday. He will also join Linda Hudson, president and CEO, and Tom Arseneault, executive

Iron Bow Wins Cisco Security Certification (GovConExecutive) Iron Bow Technologies has achieved a Cisco security certification based recognizing its work in deploying security projects and vulnerability assessments based on benchmarks for customer satisfaction, personnel and support

Catapult Names Salient, Dell Vet Bruno Mahlmann An IT SVP (GovConWire) Federal information technology and consulting provider Catapult Technology has appointed 17-year CIA and 11-year contracting veteran Bruno Mahlmann senior vice president for national security information technology solutions

HP places new sanctions on student labor in China (CNET) The company has apparently sent new rules to its suppliers that are designed to protect student interns and improve their working conditions. Hewlett-Packard has placed new rules on its China-based suppliers over how they handle student labor, according to a new report

Products, Services, and Solutions

F-Secure Client Security updated with threat detection technology (Help Net Security) As the cost of cybercrime continues to soar, affecting businesses around the world, F-Secure is introducing the latest version of its corporate endpoint security product, F-Secure Client Security

Size Doesn't Matter In IaaS Game, ElasticHosts Says (InformationWeek) Small infrastructure-as-a-service provider cobbles together a global system of leased spaces to compete with Amazon, Rackspace and other major cloud services

iPhone 5, iOS 6.1 jailbreak tool released (ZDNet) Evasi0n jailbreak for iPhone 5 handsets and iOS 6.1 devices

Cisco unveils open networking 'fabric' for data centers, clouds (Help Net Security) Network speed, latency, and greater network port density in a single unit are key considerations for customers deploying virtualized data centers and moving to a managed cloud environment where

Oracle releases MySQL 5.6 (Help Net Security) Oracle today announced MySQL 5.6, the world's most popular open source database. With increased performance, scalability, reliability and manageability, MySQL 5.6 helps users meet the most demanding

Technologies, Techniques, and Standards

Is Identity The New Perimeter? (Dark Reading) Network controls can't scale with cloud and mobile, so CISOs are using IAM as the new lever for security control around corporate access

Mobile app security: Always keep the back door locked (Ars Technica) The best way to keep mobile apps safe is to secure the services they connect to. In the 1990s, client-server was king. The processing power of PCs and the increasing speed of networks led to more and more desktop applications, often plugging into backend middleware and corporate data sources. But those applications, and the PCs they ran on, were vulnerable to viruses and other attacks. When applications were poorly designed, they could leave sensitive data exposed

Is it Spam or Is it Malware? (Internet Storm Center) Does anyone have a friend that regularly still sends you crap via email that usually includes a link or some pic's. We are all IT security professionals here and know the preachers drill on this topic. Really, we do not like wasting our time on the junk that is sent to us. Delete, Delete, Delete

US - NARUC Cybersecurity Guide for State Regulators 2.0 (NAURC) This primer was prepared by the National Association of Regulatory Utility Commissioners as a tool for policy-makers who are charged with making decisions about the electric, gas, water, communications, and transportation systems that are vital to everyday life. Increasingly, these systems are being interconnected with the ability to generate, share, and act on data. With these cyber-capacities come new cyber-vulnerabilities that must be managed by regulators and the infrastructure operators they regulate

Payment Card Industry clears up confusion over cloud use (CSO) New Data Security Standards (DSS) for the cloud make clear the responsibilities of merchants and service providers. The Payment Card Industry Security Standards Council (PCI SSC) has published guidelines for using the cloud for credit card processing, ending the guesswork that has plagued merchants and cloud providers. The PCI SSC introduced its Data Security Standards (DSS) for the cloud Thursday. The guidelines are expected to clear up the confusion that resulted from auditors giving different interpretations in applying pre-cloud standards to the modern computing platform

Learn by doing: Phishing and other online tests (Help Net Security) As a tech-savvy person in a family that mostly consists of low level Internet users - and especially because of my line of work - I'm often tasked with helping them when their computers become riddled

NIST releases final draft of cybersecurity document for public comment (FierceGovernmentIT) After two years of toiling and several revisions, the National Institute of Standards and Technology is seeking public comment on a final draft of the fourth revision to the security safeguards and countermeasures that federal agencies will use to protect their data and information systems, according to a Feb. 6 NIST press release

Email Overload: Can Social Really Help? (InformationWeek) Social collaboration platforms promise less email in corporate in-boxes, but do they deliver? The small business Brilliant Life Design finds out with a trial of Sendgine

Security experts turn to big data for help (FierceBigData) Until recently, a good security analyst could eyeball a stream of data and detect a malicious attack if he or she could isolate the right view of the data. Like many traditional practices in IT and networking, the deluge of data is making eyeballing a lost art. The quantity and variety of data and the frequency of attacks has made it harder to isolate the right view and detect attacks. So, security companies are beginning to incorporate big data techniques to improve threat detection and prevention

Design and Innovation

Meet The Next 10 Companies To Come Out Of StartX, Stanford's Student Startup Accelerator (TechCrunch) Stanford's student startup accelerator, StartX, had its eighth demo day tonight in Palo Alto, showing off the latest class of 11 companies* to go through the program. The accelerator, which just raised another $400,000, has already had about 100 startups go through, raising $100 million along the way between them. This next batch is hoping to follow that lead

Big data and the disputation arena (FierceBigData) Even though I was told by a famous and favorite writer of mine (may he rest in peace) to never allow myself to be a fan of him or anyone else--I don't always heed his advice. I am weak that way. I like being a fan. So, I remain a fan of a different writer, a man for whom I justify my fandom by fostering the untruth that his work is, after all, "just fiction" and worse still is "science fiction," and therefore entertainment, which makes being a fan acceptable

Research and Development

Nanoscale Chip Design Enables Future 'Internet of Things' (IEEE Spectrum) New chip design on the nano scale reduces energy consumption on chips and work off photovoltaics so batteries last forever

DARPA on Cyber Targeted-Attack Analyzer program & micro-satellites (Security Affairs) Protect the country, population and assets from cyber threats, this is a must for every government, a challenge for every state, new processes, large investment and innovative researches are the topics most debated in this period. Yesterday I wrote about the Russian government and its commitment to strengthen cyber defense, today I desire to introduce how US are trying to improve their cyber capabilities to face with cyber threats. Surely one of the most interesting and prolific agency in this sense is the US DARPA (Defense Advanced Research Projects Agency) responsible for the development of new technologies for use by the military, so I decide to introduce some of its actual and future works that could impact security in cyberspace. Few days ago the agency announced the development of a program to design a defense system able to uncover and prevent targeted cyber attacks based on the computer network managed directly from Department of Defense

Japan holds first hacking contest backed by government (Help Net Security) Despite being one of the greater world economies and being technologically advanced as few others, Japan has woken up to the reality of cyber crime relatively late. The highly publicized compromise

Legislation, Policy, and Regulation

UK government plans to track ALL web use: MI5 to install 'black box' spy devices to monitor British internet traffic (Daily Mail) The spy network will rely on a technology known as Deep Packet Inspection to log data from communications ranging from online services like Facebook and

Cyber Security Proposal Looks To Force Companies To Report Hack Attacks (RedOrbit) According to Kroes, one-third of all UK small businesses suffered a cyber-attack last year alone. 93 percent of larger businesses came under an attack of some sort in the same year. If these companies were required to report these breaches, says Kroes

Heads-Up - Storm cloud emerges from EU cybersecurity strategy (Eur Activ) While viewed as a step in the right direction, the EUs new cybersecurity strategy is criticised by experts for its lack of clarity on ensuring the safety of cloud computing. The European Commission released its cybersecurity strategy yesterday (7 February - Note Bricade - Article says 7 January) to address concerns and promote greater internet safety. But the obligation put on EU member countries to report cyberattacks are vague and appear to do little to protect EU citizens' data stored outside the EU, said lawyer Wim Nauwelaerts

Infosec pros give verdict on EU's new cybersecurity strategy: 'Nice try' (Naked Security) The European Commission on Wednesday launched a proposal for a new cybersecurity strategy with good intentions and great fuzziness, as some dissatisfied infosec professionals see it

EU proposes to make data breach disclosure mandatory (Help Net Security) The European Commission has today announced the launch of new proposals that include a requirement for EU member states to appoint an independent CERT and pivotally calls for each to create a national

Belarus Is Blasting the U.S. Government's Invasions of Privacy. Like It's One To Talk. (Slate) Calling out hypocrisy by resorting to hypocrisy is not usually a tactic that will win you an argument. But no one seems to have told Belarus. Known as Europe's last dictatorship, the country has a dismal record when it comes to human rights and is fond of mass surveillance of citizens. However, that hasn't stopped it from releasing a new report this week, Human Rights Violations in Certain Countries in 2012, which savages the United States for "unlawful interference with privacy"

NGOs decry U.S. lobbying campaign against European Union data protection directive (FierceGovernmentIT) More than a dozen consumer and civil liberties groups sent a letter to the Obama administration urging the United States to support Europe's efforts to update and strengthen privacy legislation while decrying an "unprecedented lobbying campaign" by the U.S. government and industry to limit the protections that the proposed European Union data protection directive would provide

Litigation, Investigation, and Law Enforcement

North Shore University Hospital Sued Over Security Breach (eSecurity Planet) The lawsuit seeks both compensatory and punitive damages. Twelve people recently filed a lawsuit against New York's North Shore University Hospital in response to the theft of hospital face sheets containing their personal information (including names, addresses, Social Security numbers, birthdates, medical histories and other data)

What Software Is Patentable? Federal Court To Consider In CLS Bank Rehearing (TechCrunch) Software patents continue to command the spotlight. The Federal Circuit will hold an en banc rehearing of a prior decision, CLS Bank International v. Alice Corporation. In that decision, a three-judge panel ruled that an invention related to a computerized

Former Employee Charged With Accessing Thousands of Driver's Licenses (Threatpost) A former Minnesota state employee was charged Thursday with misdemeanors for allegedly accessing thousands of driver's licenses during a four-year period and storing 172 of them in an encrypted file. Ninety percent of victims in the data breach were women

Cyber criminals target mobile users, social media (Sydney Morning Herald) Australia's top cyber cops are warning that social networking sites such as Facebook are increasingly being targeted by cyber criminals as a way to steal internet users' money. The growing commercialisation of social media through links to online trading such ''buy, swap and sell'' sites means cyber crooks now have a strong motivation to hack people's account details, police say. In an interview with Fairfax Media, the Australian Federal Police's manager of cyber crime operations, Commander Glen McEwen and Melbourne team leader Federal Agent Scott Mellis outlined a range of new threats facing web users

Secret Surveillance Court Gets New Presiding Judge (Wired) Perhaps the only thing we know about the goings on of the secret Foreign Intelligence Surveillance Court other than it granting the government unfettered spy powers is that its getting a new presiding judge. The 11-judge court was set up in the wake of the Watergate scandal in the President Richard M. Nixon era, and is best described as a rubber-stamp for giving the federal government carte blanche powers to spy on Americans at home or abroad. The court is not in Iran or Venezuela, as one might expect, but meets in secret in the District of Columbia with federal authorities and doles out spy warrants without even knowing a targets name

Facebook deleted all EU facial recognition data, regulators confirm (CSO) Both the Irish data protection commissioner and a German regulator confirmed Facebook deleted the data. Facebook has deleted all European facial recognition data, the Irish data protection commissioner and a German data protection regulator confirmed independently Thursday after reviewing parts of the social network's source code

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

ATMiA US Conference 2013 (Scottsdale, Arizona, US, February 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.

Cybergamut Technical Tuesday: Cloud Security (, January 1, 1970) Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security..

#BSidesBOS (Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...

RSA USA 2013 (San Francisco, California, USA, February 25 - March 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.

Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, February 26 - March 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration...

NRO Winter Way Forward Conference (Chantilly, Virginia, USA, February 28, 2013) This annual event will provide an increased awareness, understanding and support among the IT workforce by focusing on the NRO IT Way-Forward in terms of the NRO IT Sub-Portfolio Roadmaps. Exhibitors will...

TechMentor Orlando 2013 (Orland, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...

Business Insurance Risk Management Summit (New York City, New York, USA, March 5 - 6, 2013) The annual Risk Management Summit, now in it its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry...

CanSecWest 2013 (Vancouver, British Columbia, Canada, March 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social...

e-Crime Congress 2013 (London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...

CTIN Digital Forensics Conference (Seattle, Washington, USA, March 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include; Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools,...

IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, March 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference...

The Future of Cyber Security 2013 (London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.

AFCEA Belvoir Industry Days 2013 (National Harbor, Maryland, USA, April 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.

CSO40 (Braselton, Georgia, USA, April 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.

Cloud Connect Silicon Valley (Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...

An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, April 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The...

Cyber 1.3 (, January 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation...

INFILTRATE 2013 (Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.

Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...

InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...

Infosec Southwest 2013 (Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...

23rd Annual Government Procurement Conference (Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...

Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, June 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise.

25th Annual FIRST Conference (Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.

SECRYPT 2013 (Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.