skip navigation

More signal. Less noise.

Daily briefing.

Mandiant says it's identified individual members of the Chinese hacking group "Comment Crew." It has, moreover, fairly conclusively linked them to a People's Liberation Army cyber espionage organization, "Unit 61398," located in Shanghai. Comment Crew has been implicated in recent attacks on US media outlets.

Another Chinese botmaster has been identified: Zhang Changhe's profession is distributing malware, but he also runs Facebook scams on the side. (He was identified through his own uneasy conscience, which prompted him to confess violations of the Five Precepts of Buddhism in social media fora.)

Information gained from access to Telecom customers' email accounts may enable those who attacked the New Zealand carrier to sweep in victims from other Internet services.

Anonymous threatens the governments of Egypt, Australia, and the Netherlands. The hacktivist "collective" also goes after an investment bank for being a Stratfor client.

BlackBerry warns that TIFF-processing vulnerabilities can be used to compromise BlackBerry Enterprise Server. A malware campaign affects Bulgarian Facebook users. Fake invoices are used to distribute ransomware. IOActive Labs finds many unsecured Internet-connected devices networked with the US Emergency Alert System; expect more zombie apocalypse warnings.

Adobe moves forward with plans to patch Acrobat this week.

Absent extraordinary Congressional action, the US Federal budget will be automatically cut next week. The cyber industry convenes in San Francisco Monday for RSA (we'll follow the event in a special section of the CyberWire).

The United Kingdom and India announce a joint cyber task force. Pirate Bay complains to Finnish police about piracy.

Notes.

Today's issue includes events affecting Australia, Bulgaria, Canada, China, European Union, Finland, France, India, Netherlands, New Zealand, Russia, Singapore, United Kingdom, United States..

Cyber Attacks, Threats, and Vulnerabilities

Chinese Army Unit Is Seen As Tied To Hacking Against U.S. (New York Times) An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups known to many of its victims in the United States as Comment Crew or Shanghai Group to the doorstep of the military units headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area

Unit 61398: A Chinese cyber espionage unit on the outskirts of Shanghai? (Naked Security) Security researchers at Mandiant have published a lengthy report, which appears to track a notorious hacking gang right to the door of a building belonging to the People's Liberation Army of China

Mandiant report on APT1 & China's cyber espionage units (Security Affairs) Early this month it was spread the news regarding a sophisticated cyber espionage campaign against principal media agencies in US, included NYT and Washington Post, the hackers have tried to compromise the email account of journalists to steal sensible information,. The campaign appeared very aggressive, the hackers have tried to infiltrate the network of the journal using 45 instances of targeted malware, as revealed by forensics analysis conducted by Mandiant security firm

Botnet master abuses Facebook for pocket money, researchers reveal (Naked Security) A Chinese hacker's main job may well be running a botnet of malware-clotted zombie PCs, but there's always time left in the day for selling fake Likes, apparently

Personal details of millions of Britons at risk of cyber attack (The Independent) Confidential information about millions of Britons stored on Indian computer systems could be open to cyber attack from terrorists, fraudsters and hostile nations such as China, the Government will admit today. In a tacit recognition of the potential

Telecom cyber attack could spread (Radio New Zealand) The Institute of IT Professionals says a cyber attack that has affected 87,000 Yahoo! Xtra customers at Telecom, could start targetting those from other providers. Yahoo! Xtra email customers had their passwords cancelled at the weekend

Most take advice to change email passwords (Radio New Zealand) Telecom says nearly all of its 87,000 customers affected by a cyber attack have changed their email passwords. The trouble began on 9 February when Yahoo! Xtra customers reported corrupting emails being inadvertently sent to their contacts

OpEgypt: Anonymous Threatens to Continue Attacking Government Sites Video (Softpedia) Anonymous hackers have issued a new statement for Operation Egypt (OpEgypt). The hackers threaten to keep attacking Egyptian government sites, including, but not limited to, the ones of the Ministry of Information, Cabinet of Ministers and the Ministry of Interior. Mr. Morsi does not seem to understand the consequences of his doings

Anonymous OpLastResort hacks investment firm, cites Stratfor ties (ZDNet) Anonymous Operation Last Resort has struck successfully again, leaking crucial files from an investment banking firm allegedly linked to intelligence firm Stratfor. The Anonymous Operation Last Resort campaign returned Monday to leak crucial files from an investment banking firm and a state. gov database "for Aaron Swartz."The OpLastResort Twitter account announced its hack, defacement and data exposure of an investment firm G.K. Baum, seen in Wikileaks email files as an alleged client of global intelligence company Stratfor

Anonymous initiates #opWilders against Dutch political member Geert Wilders arrives in Australia (Cyberwarzone) The #opWilders pastebin appeared on the Internet with the #opWilders hash tag. The Pastebin file containing a message towards Geert Wilders and the people of Australia has been uploaded several hours ago after Geert Wilders arrived at Australia. The message calls for an attack on multiple websites that are spreading fake information about Islamic issues

Burger King downs Twitter account after attack (Reuters-Emirates 24/7) Several tweets carried the logo of McDonald's. Hackers breached the Twitter account of fast-food chain Burger King, posting the online equivalent of graffiti and sometimes making little sense. Burger King Worldwide Inc suspended its Twitter account about an hour after it learned of the attack at 12:24 p.m. EST on Monday, company spokesman Bryson Thornton said in an email

Facebook malware campaign targeting Bulgarian users (Help Net Security) "Being" on Facebook brings its own set of dangers, and among them is inadvertently downloading malware by clicking on links posted by your own "friends". Webroot warns about a malware campaign that

BlackBerry Enterprise Server can be compromised due to TIFF-processing vulnerabilities (Help Net Security) BlackBerry has released details about two critical vulnerabilities that can allow attackers to access and execute code on systems running BlackBerry Enterprise Server

Fake invoices in personalized emails deliver ransomware (Help Net Security) When a business, social network or any other online service that you use or have signed up for sends you an email, they address you by the name you provided. This is one of the things that usually

Facebook engineers compromised by Java zero-day (The H) Facebook logo Facebook has confirmed that systems used by its employees were compromised in an attack which used a Java plugin zero-day exploit. The company explained that it found a suspicious domain in its DNS logs in January and traced it an

Brace for MORE ZOMBIE ATTACK ALERT pranks, warns security bod (The Register) Vulnerabilities in America's TV emergency alert system - exploited last week by pranksters to put out fake warnings of a zombie apocalypse - remain widespread, it is claimed. And that's after station bosses remember to change the default passwords on their broadcast equipment. Mischievous miscreants managed to hack into a television station's emergency alert system in Montana to broadcast an on-air audio warning about the end of the world

Raytheon Can Track You Via Your Social Media Accounts (Mobile Magazine) Privacy has been at the center of social networking over the past couple of years. In fact, Facebook dedicates a great amount of time and money to protecting their users. But after a major hack to Twitter 2 weeks ago and one close call for Facebook just a couple of days ago, what you are about to read might push you over the edge to deactivation

Trust but verify: when CAs fall short (SecureList) We've recently experienced yet another case of a root certificate authority (CA from now on) losing control of its own certificates. And yet again, we have been waiting for either the CA or the browser to do something about it. This whole mess stems, once again, from both a governance and a technical problem. First, only the very same CA that issued a certificate can later revoke it. Second, although web browsers implement several techniques to check the certificate's revocation status, errors in the procedure are rarely considered hard failures

Security Patches, Mitigations, and Software Updates

Safe PDFs are almost here: Adobe to release Reader, Acrobat zero-day patch (ZDNet Australia) Safe PDFs are almost here: Adobe to release Reader, Acrobat zero-day patch this week. Summary: Adobe is rushing out a patch for Reader and Acrobat flaws that hackers are already exploiting

Cyber Trends

Most Americans Believe U.S. Businesses Are Vulnerable To Cyberattack, Study Says (Dark Reading) Ninety-three percent believe U.S. corporations are at least somewhat vulnerable to state-sponsored online attacks, Tenable report says

Value of wireless packet core market to top 6bn dollars in 2017 (Misco) In addition, there is the need to address issues such as deep packet inspection (DPI) and Wi-Fi management and Dell'Oro believes that new wireless packet

Cyber: Unclear and present danger (The Interpreter) There is widespread concern about strategic competition in cyberspace, including cyber espionage and cyber attack as an element of armed force. Cyber infrastructure is critical to the global economy. Yet it is badly secured, worse governed, and a place of interstate competition and potential conflict

Special report: Cloud 2.0 begins to take shape (Computing) "I think this is absolutely the right way to be going," said Raj Samani, EMEA CTO for McAfee and strategy adviser for the Cloud Security Alliance

Marketplace

RSA: What To Watch For And What Vaccinations To Get Before Rocking The Casbah (Dark Reading) Pro tip: It's not threats, it's not capabilities, it's integration. Spending on security and identity continues to progress and vendors, nothing if not observant, have tried their best to productize the gap between enterprise want and what currently exists. Shopping for rugs in Tangier feels sedate compared to walking the RSA showroom floor

Obama ramps up pressure on GOP to avert budget cuts (Los Angeles Times) With less than two weeks before across-the-board spending cuts begin taking effect, President Obama is cranking up pressure on congressional Republicans to agree to a Democratic plan that would temporarily block the deep reductions

Congress Leaves Town With Layoffs In Its Wake (Washington Times) Defense-related companies large and small are preparing to lay off thousands of employees as Congress takes a recess this week, so far unable to agree on how to undo automatic military spending cuts

SAIC Awarded Contract by Department of Defense (Sacramento Bee) Science Applications International Corporation (SAIC) (NYSE: SAI) announced today it was awarded a prime contract by the Department of Defense (DoD) to provide manufacturing, systems engineering and integration support services. The single-award, indefinite-delivery/indefinite-quantity (IDIQ) contract has a one-year base period of performance, four one-year options and a total contract value of $65 million, if all options are exercised. Work will be performed primarily in Columbia, Md

Bob Fecteau Joins SAIC As CIO, Charles Beard Leading Cyber (GovConWire) Charles Beard, SAIC senior vice president and its former CIO, ... as CIO for both the customer solutions and intelligence and security business groups

Amazon, eBay, banks snub anti-fraud DNS tech, sniff securo bods (The Register) Despite the best attempts of security vendors, neither online stores nor the financial industry seem particularly keen to adopt DNSSEC tech - an anti-fraud mechanism that makes it difficult for fraudsters to spoof legitimate websites. DNSSEC (DNS Security Extensions) uses public-key encryption and authentication to guard against the domain name cache poisoning attack famously highlighted by security researcher Dan Kaminsky back in 2008. The technology works by building up a chain of trust

Your data privacy assured in Canadian clouds (Calgary Herald) A recent article in the Ottawa Citizen suggested that American spies can snoop through Canadians' computer data - including that of political organizations and without warrants - if the data resides within popular U.S. cloud computing services

Products, Services, and Solutions

10 Commandments Of Application Security (Dark Reading) While application security cascades into just about every facet of IT security today, many enterprises have a difficult time implementing sustainable application security programs that offer measurable benefits to the business. A general disconnect between security goals and the profit motives of development teams can cause insurmountable conflict between infosec teams and developers, with line of business leaders all too ready to side with money-making dev teams nine times out of 10

Office 2011 for Mac: same product, now 20 dollars more (Ars Technica) The prices match the equivalent Office 2013 packages for Windows

Yandex, The Google Of Russia, Beats Estimates On Sales of 290M Dollars As Search Volume Grows, But Domestic Share Stagnates At 60.5 Percent (TechCrunch) Yandex, the "Google of Russia" that runs the country's dominant search engine along with a number of cloud-based apps, has just announced its quarterly and full-year earnings. And while the company saw one setback in its efforts to expand its presence internationally and on to new platforms like mobile, the mainline figures show that the company continues to grow. In the quarter that ended

Bot-Trek Group-IB software: Botnet intelligence collector tool (Cyberwarzone) Group-IB, Russia's leading computer security company, has announced Bot-Trek(TM), a comprehensive tool that gathers compromised data and intelligence from botnets and makes it available to the original Intellectual Property owners via a SaaS solution. Botnets is an exploding problem. They are used to steal private data, send spam, provide anonymous services for crimes, and perform DDoS-attacks

Samsung addresses the world's surprisingly huge demand for cheap smartphones (Quartz) Sometime this year or next, a remarkable thing will happen: Driven largely by the purchasing power of the world's growing middle class, more people will buy a smartphone than a regular "dumb" cellular phone. In the last quarter of 2012, the numbers were already close: people bought 264.4 million non-smartphones, which the industry calls "feature phones." In the same quarter, they bought 207.7 million smartphones. The gap is closing, reports Gartner, with sales of feature phones down 19% since 2011, and sales of smartphones up 38% in the same period

Businesses Move Security to the Cloud (BizTech Magazine) That's why The Sak Brand Group uses Panda Security's Panda Cloud Office Protection. "We run a lean operation," says Roger Micone, systems administrator for

Technologies, Techniques, and Standards

Software Security - Why Aren't the Enterprise Developers Listening? (infosec island) While there are plenty of enterprises out there that have figured out a formula for making software security work for them, for every one organization that 'gets it' there are many times more organizations that are struggling with software security year over year, quarter over quarter, day after day. Why? There are plenty of reasons we can blame these vast failures on ... immature tools, cookie-cutter processes, poor sentiment from the enterprise leadership ... blah blah blah ... bottom line is it's 2013 and companies big and small are still struggling with poor code quality, a negative dynamic between developer and security person, and other assorted issues

Notes for surviving NERC CIP (Energy Central) When new regulations come into play, such as NERCs Critical Infrastructure Protection (NERC CIP) requirements a few years ago, its fairly normal for everyone involved to, basically, freak out a little. The power industry definitely did: There were laments and, Id dare say, crying in some circumstances. But, the regulators would argue that its all for a good cause

Police enlist war tech in crime fight (Washington Post) Wartime technology used by soldiers in Iraq and Afghanistan is increasingly making its way to U.S. cities and towns, changing the way police investigate crimes by focusing not where crimes have happened but where they most likely will happen next. One of the latest technologies, called "geospatial predictive analytics," has helped police chase copper thieves in Virginia and a strangler in Philadelphia -- and enabled officers to deploy police smartly across the Washington region during the mysterious shootings of military installations in 2010

Academia

Rose State students find opportunities with cyber security (Newsok) Joyce Schwartz worked in retail and other hourly jobs for 30 years before deciding it was time to try for a college degree. She didn't know much about computers, only what she needed for her job. But despite her lack of expertise, Schwartz thought she'd try her hand at cyber security

Ohio State's national-security major attracts undergraduates (Columbus Dispatch) Marzalik and D'Angelo say that, as juniors, they already have job offers from the National Security Agency. A similar boom happened in the first years of the Cold War with international-studies and diplomatic programs, Recco said. International studies

Legislation, Policy, and Regulation

UK, India sets up joint cybercrime task force (ZDNet) The collaboration will give additional assurance to the U.K. as it looks to protect its citizens' personal banking and mobile phone data, much of which are currently stored on Indian servers. India and the United Kingdom will be looking to seal an agreement Tuesday to establish a joint task force to combat online crimes. In a Reuters report Tuesday, Prime Ministers David Cameron and Manmohan Singh are expected to agree on plans to create the new unit in a move that the U.K. hopes will help it safeguard the personal banking and mobile phone data of millions of its citizens

Cybercom Commander Calls Cybersecurity Order First Step (Albany Tribune) The cybersecurity policy President Barack Obama announced during his annual State of the Union address is a step toward protecting the nation's critical infrastructure, the commander of U.S. Cyber Command said this week

Litigation, Investigation, and Law Enforcement

We can't block YouTube, Egypt's telecomms authority tells the court (Infosecurity-Magazine) At the time, the judge suggested that it was a ruling on a case brought several months earlier, but gave no further details. The video, a 13-minute clip billed as a film trailer, has caused huge outrage among Muslims. It depicts Mohammad as a fool and sexual deviant

Pirate Bay files police report alleging piracy by pro-copyright organization (ComputerWorld) Parody site imitates appearance of Pirate Bay site while providing links to two directories of legal download sites. The Pirate Bay reported an anti-piracy organization to Finnish police on Monday for allegedly breaching its copyright

Burdens of Proof: Cryptographic Culture & Evidence Law in the Age of Electronic Documents (infosec island) When the IBM PC first came out 31 years ago, it supported a maximum of 256KB RAM. You can buy an equivalent computer today with substantially more CPU power at a fraction of the price. But in those 31 years, the information security functionality in which the PC operates has not progressed accordingly

PayPal suspends personal payments in Singapore (Finextra) PayPal has been forced to suspend personal payments in Singapore by regulators, according to TechCrunch. Citing an e-mail sent out to members, TechCrunch says that the transfer of money between personal accounts will not be allowed from 20 February. Users will still be able to make commercial payments for goods and services and receive personal payments from people outside of Singapore

ICO dishes 150,000 fine after nursing body loses unencrypted DVDs (TechWorld) The ICO has handed out an unusually severe 150,000 fine to the Nursing and Midwifery Council for losing unencrypted DVDs full of sensitive data that were being transported to a misconduct hearing. The three DVDs of highly sensitive witness videos of children were supposed to be delivered to a Cardiff hotel for a nurses 'fitness to practise hearing on 7 October 2011, but when it arrived the package was found to be empty.

Dutch Court Fines MP for Hacking into Medical Laboratory (Softpedia) Henk Krol, a Dutch Member of Parliament (MP) and the leader of the 50plus political party, has hacked into the systems of the Diagnostics for You medical laboratory in an attempt to prove that the organization was vulnerable. Despite the fact that his intentions were good, a court has ordered him to pay a $750 (1,000 EUR) fine because of the way he handled the issue. According to ITWorld, Krol used a password provided to him by an individual who overheard the information from one of the laboratorys employees

After ban, Kai-Fu Lee invites 30M to follow him on Twitter (CNet) Former Google China chief gets kicked off China-based microblogging sites after complaining about state controls over the Internet. An outspoken opponent of censorship in China, Kai-Fu Lee has responded to a ban from social networks in his homeland by inviting his 30 million followers to follow him on Twitter

EU 'may take action' against Google over privacy policy (BBC) Regulators spent nine months investigating Google's data collection practices. EU watchdogs plan to take action against Google by this summer over the web giant's current privacy policy, French privacy regulator CNIL has said. Since March, Google has been combining data from across its sites to potentially better target adverts - which regulators see as "high risk" to people's privacy

FBI Files Unlock History Behind Clandestine Cellphone Tracking Tool (Slate) It was described recently by one rights group as a "secretive new surveillance tool." But documents just released by the FBI suggest that a clandestine cellphone tracking device known as the "Stingray" has been deployed across the United States for almost two decades--despite questions over its legality. Stingrays, as I've reported here before, are portable surveillance gadgets that can trick phones within a specific area into hopping onto a fake network. The feds call them "cell-site simulators" or "digital analyzers," and they are sometimes also described as "IMSI catchers." The FBI says it uses them to target criminals and help track the movements of suspects in real time, not to intercept communications. But because Stingrays by design collaterally gather data from innocent bystanders' phones and can interrupt phone users' service, critics say they may violate a federal communications law

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

ATMiA US Conference 2013 (Scottsdale, Arizona, US, February 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.

Cybergamut Technical Tuesday: Cloud Security (, January 1, 1970) Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security..

#BSidesBOS (Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...

RSA USA 2013 (San Francisco, California, USA, February 25 - March 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.

Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, February 26 - March 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration...

NRO Winter Way Forward Conference (Chantilly, Virginia, USA, February 28, 2013) This annual event will provide an increased awareness, understanding and support among the IT workforce by focusing on the NRO IT Way-Forward in terms of the NRO IT Sub-Portfolio Roadmaps. Exhibitors will...

TechMentor Orlando 2013 (Orland, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...

Business Insurance Risk Management Summit (New York City, New York, USA, March 5 - 6, 2013) The annual Risk Management Summit, now in it its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry...

CanSecWest 2013 (Vancouver, British Columbia, Canada, March 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social...

e-Crime Congress 2013 (London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...

CTIN Digital Forensics Conference (Seattle, Washington, USA, March 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include; Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools,...

IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, March 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference...

The Future of Cyber Security 2013 (London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.

SANS Cyber Threat Intelligence Summit (Washington, DC, USA, March 22, 2013) Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful...

AFCEA Belvoir Industry Days 2013 (National Harbor, Maryland, USA, April 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.

CSO40 (Braselton, Georgia, USA, April 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.

Cloud Connect Silicon Valley (Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...

An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, April 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The...

Cyber 1.3 (, January 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation...

HITBSecConf2013 (Amsterdam, the Netherlands, April 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including the a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team,...

INFILTRATE 2013 (Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.

Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...

InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...

Infosec Southwest 2013 (Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...

23rd Annual Government Procurement Conference (Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...

Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes,...

Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, June 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise.

25th Annual FIRST Conference (Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.

SECRYPT 2013 (Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.