More signal. Less noise.

Daily briefing.

Bloomberg breaks news of another major Chinese cyber espionage campaign, this one directed against defense and security contractor QinetiQ North America. The campaign lasted at least five years, involved multiple (and diverse) points of attack, and succeeded against a company whose considerable security expertise failed to prompt effective action once warnings appeared. The attackers stole technology that now appears in fielded Chinese systems. The notorious People's Liberation Army Unit 61398 (a.k.a. "Comment Crew") is blamed for the attack; Terremark, HBGary, and Mandiant were engaged to contain it, apparently with mixed success.

The story is worth close attention because it's by no means an aberration. As a Center for Strategic and International Studies senior fellow put it to Businessweek, "The line forms to the left when it comes to defense contractors that have been hacked."

The US Department of Labor's website (now fixed) was hacked to serve malware in a watering hole attack. Unknown parties breached a US Army Corps of Engineers database recording physical vulnerabilities in dams.

In industry news, South Carolina's recovery from last year's data breach offers lessons for businesses approaching this market. VentureBeat offers Fixmo as an example of how an international company can succeed in the US security market. Struggling tech companies continue to grasp at cyber as a profitable lifeline. Apple thinks its designs have suffered from skeuomorphism. (Who knew?)

The US FBI wants backdoors it can use to push through carrier reluctance to cooperate with eavesdropping. Thirty-six governments worldwide now use FinFisher for surveillance.

Notes.

Today's issue includes events affecting Australia, Austria, Bahrain, Bangladesh, Brunei, Bulgaria, Canada, China, Czech Republic, Estonia, Ethiopia, Germany, Hungary, India, Indonesia, Japan, Republic of Korea, Democratic People's Republic of Korea, Latvia, Lithuania, Macedonia, Malaysia, Mexico, Mongolia, Netherlands, Nigeria, Pakistan, Panama, Qatar, Romania, Serbia, Singapore, South Africa, Taiwan, Turkey, Turkmenistan, United Arab Emirates, United Kingdom, United States, and Vietnam.

Cyber Attacks, Threats, and Vulnerabilities

China Cyber Hacking the U.S. for 5 Years, Report Confirms (International Business Times) QinetiQ North America (QQ) a world leading defense technology and security company providing satellites, drones and software services to the U.S. Special Forces deployed in Afghanistan and Middle East suffers humiliation as intelligence officials confirmed that China was able to steal the U.S. classified documents and pertinent technological information - all this because of QinetiQ's faulty decision-making

'Chinese' attack sucks secrets from US defence contractor (The Register) Just when it looked like US-China relations couldn't get any more frosty, news has emerged that defence contractor QinetiQ suffered a massive breach of classified data over three years which may have leaked advanced military secrets to the infamous PLA-linked hacking gang Comment Crew

Chinese 'Comment Crew' hackers emptied QinetiQ of top-secret military data (TechWorld) One of the US's critical military and espionage contractors QinetiQ North America (QNA) was successfully pillaged for huge amounts of top-secret know-how by the infamous Chinese 'Comment Crew' or PLA 61398 hacking group in a campaign stretching over years, Bloomberg has reported

China Cyberspies Outwit US Stealing Military Secrets (Businessweek) Among defense contractors, QinetiQ North America (QQ/) is known for spy-world connections and an eye-popping product line. Its contributions to national security include secret satellites, drones, and software used by U.S. special forces in Afghanistan and the Middle East. Former CIA Director George Tenet was a director of the company from 2006 to 2008 and former Pentagon spy chief Stephen Cambone heads a major division. Its U.K. parent was created as a spinoff of a government weapons laboratory that inspired Q's lab in Ian Fleming's James Bond thrillers, a connection QinetiQ (pronounced kin-EH-tic) still touts

China's hackers shifting focus: report (Taipei Times) China's cyberarmy now numbers more than 100,000, has a budget of more than US$2.71 million and targets telecoms and think tanks, the NSB said. The National Security Bureau (NSB) believes that the Chinese military has shifted the emphasis of cyberattacks on Taiwan from government institutions to civilian think tanks, telecommunications service providers, Internet node facilities and traffic signal control systems, according to an NSB report

Jaws, Nuclear Weapons, and Cyber War (Huffington Post) The top Chinese official of the People's Liberation Army, General Fang Fenghui, created his own Jaws effect when he recently announced that the consequences of a major cyber attack "may be as serious as a nuclear bomb." You yell cyber, everybody says

Reputation.com resets all user passwords following breach (Naked Security) Fortunately, the few passwords that were nabbed were salted and hashed. Also, the company doesn't request sensitive information such as Social Security Numbers and doesn't store financial data such as credit card numbers or bank accounts. Kudos for good security practices, guys

US Department of Labor website hacked, serves malware, now fixed (Naked Security) A subdomain of the US Department of Labor's main website, running off a separate server - what's known colloquially as a microsite - was modified to serve up malware. Paul Ducklin takes a quick look at the attack

Watering Hole Attack Claims US Department of Labor Website (Threatpost) The United States Department of Labor website was hacked in a watering hole attack. The website was redirecting visitors to a malicious site hosting the Poison Ivy remote access Trojan

Army Corps database on dams compromised (CSO) Expert says breach aimed at collecting 'vulnerability and targeting data' for attacks, but another says simple engineering espionage more likely

Wave of Online Frauds Follow Boston Tragedy, Reports Trend Micro (SPAMfighter News) According to Trend Micro the security company, after the terrible bombing of April 15, 2013 during the marathon race at Boston (USA), cyber-criminals have

Fake Apple Store Invoices Deliver Malware (eSecurity Planet) A massive spam campaign addresses recipients by their names, and identifies itself as a 'third reminder' to pay an invoice

ESEA gaming client hijacks GPUs for Bitcoin mining (CSO) The co-owner of widely used computer gaming service ESEA has admitted that the company used its client software to mine bitcoins using customers hardware without their knowledge. Some ESEA users say that the unannounced activity overheated their graphics cards, damaging them in the process

ThreatMetrix's cautionary infographic on using Starbucks wi-fi (CSO) A pretty good infographic on the dangers of working online from your local coffee shop

Beware of encryption companies bearing gifts! (Naked Security) An iPhone messaging app that claims to be "totally secure" is offering a £10,000 prize to anyone who can intercept a message from it. Paul Ducklin wonders how you are supposed to win the prize if the app really is "totally secure"

Trend Micro Uncovers Trojan Vernot in Fresh Version (SPAMfighter News) Researchers from Trend Micro the security company report about one fresh version of Vernot a notorious Trojan, which they've analyzed and nicknamed BKDR_VERNOT.B. The Vernot, notably, is a perfect example of how malware can bypass security detections by resorting to genuine software and services for carrying out their malevolent activities

We rooted Wii U encryption and file system, says hacker group (Ars Technica) Nintendo says it has "no reports" of unauthorized game playing

Nearly Nine in Ten Websites Contain One Serious Vulnerability (Threatpost) For at least the third year in a row, the number of serious vulnerabilities per website has fallen. That sounds like good news until you look at the numbers and realize that the average website carried an astonishing 56 holes in 2012, according to statistics compiled by WhiteHat Security and based upon data gathered from tens of thousands of websites

Veracode Maps Out Security Risks Accelerated By Connected Vehicles (Dark Reading) Infographic provides tips for securing the latest and future generations of connected vehicles. Veracode, Inc., the leader in cloud-based application security testing, today released the "Connected Vehicles: Too Smart For Their Own Good?" infographic, which maps out the IT security risks of features in connected cars

Five Habits Of Highly Successful Malware (Dark Reading) Malware not only waits for the defenses to grow complacent, but actively hides itself in ways to avoid

Utah health data breach offers a lesson in the benefits of prevention (FierceHealthIT) The theft of Social Security numbers provides cyber criminals a gift that keeps on giving, posing the potential for fraud for years. When Eastern European hackers gained access to healthcare information for roughly 780,000 Medicaid participants in Utah in March 2012, the Social Security numbers for 280,000 beneficiaries were compromised

Living Social Hack: Big Data Makes A Big Target (InformationWeek) LivingSocial.com is one of the latest in a long line of "big scores" by hackers

Responding to the 'Dark Seoul Cyber Attack' (The Korea Herald) On March 20, 2013, South Korea suffered a cyber attack that resulted in the denial of service of several major banks, broadcasters, and the defacement of the websites of a telecommunications operator. Although reported as a major cyber attack, multiple

Despite hack, security experts urge no fear of Google Glass (CSO) Because of the hardware limitations, jailbreaking the device did not add much more risk than a rooted smartphone, one security expert said

Security Patches, Mitigations, and Software Updates

D-Link publishes beta patches for IP camera vulnerabilities (CSO) D-Link said the patches are for those who want to manually update their camera's firmware

Cyber Trends

Consumer Reports: 58 Million U.S. PCs Infected With Malware (Dark Reading) The recently-released Consumer Reports' Annual State of the Net Report states that a projected 58.2 million American adults had at least one malware infection that affected their home PC's features or performance in the past year. The cost of repairing the damage from those infections was nearly $4 billion, the report says

Gartner: More than one-third of CIOs expect their companies to stop supplying mobile devices by 2016 (FierceMobileIT) More than one-third of chief information officers surveyed by Gartner expect their companies to stop supplying mobile devices to employees by 2016. Based on its CIO survey, Gartner predicted that half of enterprises will require their employees to supply their own devices for work by 2017

M2M deployment to speed up enterprise mobility, survey finds (FierceMobileIT) The deployment of machine-to-machine communications technology is expected to speed up enterprise mobility, according to a survey of IT decision makers by Harris Interactive on behalf of SAP. The survey of 751 IT decision makers in six countries found that M2M is seen as a natural evolution of the consumerization of IT. Enterprise uses of M2M technology include fleet management, factory automation, remote facility monitoring and maintenance, inventory tracking and billing services, as well as physical security

Marketplace

Maj. Gen. Leslie J. Carroll Says Army's Challenge Is To Be 'Cyber-Savvy' (Fayetteville Observer) The Army must meet the challenges of fewer dollars and soldiers by being well-led and trained, regionally focused and "cyber-savvy," a top leader of Forces Command said Wednesday at Fort Bragg

Pentagon Prepares To Ask Congress For Break From 'Sequester' (Reuters) The Pentagon is preparing to ask Congress soon for more authority to shift funds to cope with automatic spending cuts, confronting lawmakers with another exception to the "sequester" just days after they gave a break to the flying public and the airline industry

Veterans Program Offers IT Certifications (InformationWeek) HP, Microsoft, NetApp and Oracle are offering training and certification for their respective technologies, while SANS Institute and Global Information Assurance Certification are doing the same in the area of IT security. Service members who

DoD to grant Apple's iOS 6 & Samsung Galaxy devices security approval (9 to 5 Mac) Last month in London, Samsung hosted the first meeting of a new government-advisory board, made up of Samsung executives and technology-security experts from Western government agencies, including the U.S. National Security Agency

How a tiny Canadian company won security contracts with covert 3-letter agencies (VentureBeat) Fixmo's products, the company's sales literature highlights prominently, "have been developed as part of a cooperative research and development agreement with the U.S. National Security Agency." That commercialization has culminated in the sale of

Cyber-Responders Seek New Ways to Respond to Cyberattacks (GovTech) Last year the South Carolina Department of Revenue found that a hacker had used a "spear-phishing" attack to install at least 33 unique pieces of malicious software and utilities on the department's servers to steal financial data…The business models of large anti-virus vendors such as Symantec and McAfee incorporate everyone who has a computer, because perimeter defense is an important aspect of protection and is mandated by many federal regulations, including the Health Insurance Portability and Accountability Act (HIPAA). "But that approach is not geared toward someone who is a specific target of an attack," Ling said. "When that happens, you need specialized help. The vendors who are going after thousands of customers may not be the company you ask to help eradicate a particular piece of malware and do incident response. That is where these newer niche players are coming in"

Profits Slide 70% at Spirent Communications (Motley Fool) The shares of Spirent (LSE: SPT) declined 1% to 129 pence during early London trade this morning after the FTSE 250 mid-cap revealed first-quarter profits had plunged 70% to $7.6 million. Spirent, which provides performance-testing services for the telecoms industry, confirmed revenues had slumped 18% to $97 million. The company blamed the decline on "challenging trading conditions" and a smaller order book at the start of the year…The company maintained it would increase investment by as much as $14 million during 2013, to exploit opportunities in new technologies such as 4G and cyber security

Products, Services, and Solutions

CBA plans to build privacy technologies into its products (CSO) Customer demand for secure mobile banking has led the Commonwealth Bank of Australia (CBA) to start investigating the development of privacy technologies to be built into its products and services

Airbnb's new Verified ID system makes guests prove they are real people (CSO) Airbnb's new Verified ID system requires proof of identity to use their system. It's tough out there in recession land. You know who has lots of disposable money? Complete strangers from out of town who you meet on the Internet. Matching guests and hosts has been the successful premise of the online short-term rental marketplace, Airbnb

MAVERICK Technologies, Logos Technologies and Global Velocity Partner to Safeguard U.S. SCADA Systems From Hackers (Wall Street Journal) MAVERICK Technologies, the largest independent systems integrator in North America, announced today a Joint Development Agreement (JDA) with Logos Technologies and Global Velocity to develop a solution set to protect U.S. national infrastructure from potential cyber-attacks

AWS cloud computing pros get certification program (Help Net Security) With the accelerating adoption of cloud computing and the AWS Cloud around the world, organizations are increasingly seeking mechanisms to identify candidates and consultants with demonstrated knowledge

Combat phishing attacks from all email domains (Help Net Security) Return Path announced that its Anti-Phishing Solutions have expanded to enable brand owners to combat attacks from all email domains, including those beyond their control. This represents a product

Hackers challenged to crack unhackable secure messaging app (Help Net Security) Swiss-based U.K. firm Redact has launched a new app which, they claim, offers a completely secure way of exchanging encrypted messages from iPhone to iPhone and even the possibility of deleting a sent

1010data updates big data analytics platform (Help Net Security) 1010data released a new version of its cloud-based Big Data analytics platform, which improves the ability of business analysts to quickly glean insights from the largest volumes of data with its ad-hoc

New mobile security practice from Trustwave (Help Net Security) Trustwave unveiled a new mobile security practice designed to help businesses embrace mobility and BYOD programs while maintaining compliance, managing security risks and protecting corporate networks

Belkasoft Evidence Center 5.3: New Tool to Share Collected Evidence (Forensic Focus) Belkasoft announces a major update to its flagship forensic product, Belkasoft Evidence Center 2013. Version 5.3 introduces Evidence Reader, an all-new free tool allowing Belkasoft users to pass along evidence collected with the main product

Magnet Forensics Adds More to Free Tool - Encrypted Disk Detector v2 (Forensic Focus) A little while back Chad Tilbury, a SANS trainer and talented forensicator, was kind enough to write a blog post about our free tool EDD (Encrypted Disk Detector) and ask his readers to fill out a survey to indicate which additional encryption support they wanted added to EDD

Protecting Your Privacy on the Go With Bitdefender's Android App (Technorati) Bitdefender's Clueful sorts out this problem by creating an application which keeps a watch on other applications on the mobile device. Previously, Clueful was available only for iPhone, but Bitdefender took a step further to bring the same app for

10 Top Password Managers (InformationWeek) Tired of being stuck in password hell? Consider these password managers that balance security with convenience

Technologies, Techniques, and Standards

Learning From Auditor War Stories (Dark Reading) Sometimes the best lessons come from cautionary tales lived by those before us who didn't get things right the first time around. And in the IT compliance world, no one is more prepared to offer up those stories than the auditors and assessors tasked to check up on IT practices

Top 10 tips: Why you should use the cloud and how to do it securely (ITProPortal) Everyone has an opinion on the 'cloud' and its effect on business – some believe it is dark and scary and fraught with unnecessary risk, while others would argue it's silver lined and the path to greater business performance and cost savings. The truth is that the cloud undeniably has the potential to open up a whole new dimension of opportunities to businesses – but only if data security is properly addressed

How do you protect yourself in the event of a data breach? (Help Net Security) Identity Guard warns consumers to be aware of the increased risk of identity theft and provides tips on how they can help protect themselves from becoming a victim. In a recent study released this

Should You "Freeze" Your Credit Reports? (Huffington Post) Although the odds of having your identity stolen remain quite low, anyone who's ever had their bank or credit card account compromised knows what a pain it can be to unravel the mess. Sometimes enterprising hackers just need your Social Security number, address and date of birth to start running up charges on your existing accounts -- or worse, to open new ones in your name

UK Royal Military Police Cut Digital Forensics Costs With Distributed Processing (Forensic Focus) The UK's Royal Military Police (RMP) Service Police Crime Bureau (SPCB) has cut its case backlog by 42% and reduced costs per initial case by nearly one-third to £3,200 using distributed processing technology

NIST releases 4th version of security control catalog SP 800-53 (FierceGovernmentIT) The National Institute of Standards and Technology released April 30 a revised version of its security control catalog for federal systems, SP 800-53. The revision, the fourth version of the security controls catalog, also includes for the first time an appendix of privacy controls. Changes to the security controls include a new emphasis on secure software development in an effort to shift security away from the focus of the past few years, during which it's targeted matters such as configuration management or continuous monitoring

Design and Innovation

Apple's attempt to ditch skeuomorphism resulting in tight iOS 7 deadlines (Ars Technica) Famed Apple product designer Jony Ive has his hands deep into iOS 7 following the departure of former iOS software head Scott Forstall, leading to potential delays as he revamps the look and feel of the software. That's according to a new report at Bloomberg, which cites sources claiming that Ive is working to rid iOS of the skeuomorphism that came from Forstall's influence in order to impose a "flatter design that's more unified and less cluttered"

Academia

Cyber Warfare: Special Report Thursday at 10 pm (WHNT) "Well the whole point is where is the cyber attack coming from? Sometimes to actually know who launched the cyber attack is not immediately known," said Sara Graves, a UAH Cyber Security Expert. "It's not like an attack from another nation. And then if

UTSA College of Business receives $1 million for digital forensics research (UTSA Today) UTSA is a designated Center of Academic Excellence in Information Assurance Education and a designated Center of Academic Excellence for Information Assurance Research by the National Security Agency and the Department of Homeland Security

Big Data Analytics Masters Degrees: 20 Top Programs (InformationWeek) These one-year and two-year graduate programs are just what's needed to close the big-data talent gap. Read on to find a school that fits your ambitions and background

Legislation, Policy, and Regulation

Uh-oh: AT&T and Comcast are ecstatic about the FCC's new chairman (Ars Technica) AT&T calls new chairman an "inspired pick," seeks end to "outdated" regulations

Australia mulls data breach notification law, but details are secret (CSO) A draft bill has been privately circulated among some stakeholders

US seeks to pressure Google, Facebook et al. into installing wiretapping backdoors (Naked Security) A new proposal would require tech firms to design surveillance-enabling trapdoors from the ground up or modify existing services, facilities and equipment. The FBI says it's necessary to quickly catch terrorists and child abusers, but others say it's a recipe for opening servers up to hacking

Groups criticize FBI plan to require Internet backdoors for wiretaps (CSO) U.S. task force reportedly working on plan to severely penalize companies that fail to comply quickly with wiretap orders. Privacy groups are denouncing a federal government move to force Internet companies like Facebook and Google to build backdoors that would let the FBI and other agencies snoop in on real time online communications

Obama Sides with Anti-CISPA Petitioners (BankInfoSecurity) Here's how Daniel and Park address the administration's three key principles it seeks in any information sharing legislation: (1) privacy and civil liberties protections, (2) ensuring a civilian department (read: Department of Homeland Security)

Do You Want the Government Buying Your Data From Corporations? (Atlantic) Our government collects a lot of information about us. Tax records, legal records, license records, records of government services received-- it's all in databases that are increasingly linked and correlated. Still, there's a lot of personal information the government can't collect. Either they're prohibited by law from asking without probable cause and a judicial order, or they simply have no cost-effective way to collect it. But the government has figured out how to get around the laws, and collect personal data that has been historically denied to them: ask corporate America for it

Expert: Don't be too hands-off with medical apps (Politico) An advocate for health IT regulation worried Tuesday that the Obama administration had been too lenient with medical app developers, some of whom push programs that haven't been evaluated for safety or medical efficacy

Litigation, Investigation, and Law Enforcement

36 governments (including Canada's) are now using sophisticated software to spy on their citizens (Quartz) A new report from Citizen Lab, a Canadian research center, shows surveillance software sold by FinFisher, a "governmental IT intrusion" company owned by the UK-registered Gamma International, is now active in 36 countries. That's up from the 25 countries reported two months ago

For Their Eyes Only: The Commercialization of Digital Spying (Citizen Lab) Citizen Lab is pleased to announce the release of "For Their Eyes Only: The Commercialization of Digital Spying." The report features new findings, as well as consolidating a year of our research on the commercial market for offensive computer network intrusion capabilities developed by Western companies. Our new findings include: We have identified FinFisher Command & Control servers in 11 new Countries. Hungary, Turkey, Romania, Panama, Lithuania, Macedonia, South Africa, Pakistan, Nigeria, Bulgaria, Austria. Taken together with our previous research, we can now assert that FinFisher Command & Control servers are currently active, or have been present, in 36 countries

Things You Shouldn't Text When You're Accused of Bombing Boston: 'LOL' (Wired Danger Room) Boston Marathon bombing suspect Dzhokhar Tsarnaev's text messages prompted his friends to, allegedly, attempt to destroy evidence in the case on his behalf

Piracy or baiting? The thorny legal question of Game Dev Tycoon's honeypot (Ars Technica) Is it piracy just because the user thinks it is? What if the developer encourages it

Whether or not you're a Chinese spy, you shouldn't download porn onto a NASA laptop (Quartz) Bo Jiang, a Chinese research scientist who worked at a NASA facility and was suspected of stealing secrets, is expected to plead guilty today–not for espionage, but for downloading porn on his work computer. Mr Bo, 31, was fired in January for taking a NASA laptop on holiday to China and shortly afterwards named a threat to national security

IGs probe government's handling of Boston intel info (Washington Times) The inspectors general of the intelligence community, the CIA, the Justice Department and the Department of Homeland Security have begun a "coordinated and independent review" of the government's handling of intelligence information leading up to the

USPS has data-related issues, say auditors (FierceGovernmentIT) The Postal Service has data-related issues, the USPS office of inspector general says in a review of reports it's issued from fiscal 2009 through fiscal 2012

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

U.S. Department of State Mobile Computing Forum (Washington, DC, USA, May 23, 2013) The U.S. Department of State's Bureau of Information Resource Management will host an educational forum and IT Expo, themed "Mobile Computing," reflecting their mission to empower diplomacy, consular services...

2013 ICAM Information Day and Expo (Washington, DC, USA, June 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.

NASA National Capital Region Industry Days (Washington, DC, USA, June 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in...

2013 World Comp (Las Vegas, Nevada, USA, July 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields...

INSA Leadership Dinner with NGA Director Letitia Long (McLean, Virginia, USA, May 2, 2013) NGA At the Crossroads - Visualizing the Future. Join INSA and NGA Director Letitia Long as she shares her vision for transforming NGA and GeoInt in innovative ways that more effectively put the power of...

Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes,...

ITWeb Security Summit 2013 (Sandton, South Africa, May 7 - 9, 2013) A conference devoted to cyber security, with a particular emphasis on countering the latest attack vectors. The gathering creates an opportunity for senior security professionals and business decision-makers...

The Computer Forensics Show (New York City, New York, USA, May 8 - 9, 2013) For IT and business executives responsible for creating, implementing, and managing a proactive and comprehensive IT strategy for information security, risk management, compliance, and business continuity...

ASIS 23rd New York City Security Conference and Expo (New York City, New York, USA, May 8 - 9, 2013) Join more than 2,500 professionals in the Big Apple for the largest annual conference in the Northeast for security management and law enforcement professionals. This exciting event will focus on key challenges...

Software Engineering Institute Invitational Hiring Event (Arlington, Virginia, USA, May 8 - 9, 2013) Attention software engineers and cyber security professionals: Carnegie Mellon's Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on...

Baltimore Tech-Security Conference (Baltimore, Maryland, USA, May 9, 2013) The Baltimore Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...

CyberSecurity UAE Summit 2013 (Dubai, UAE, May 13 - 14, 2013) Review developments, strategies and best practice in global cyber security. Assess the nature of the latest threats being faced and the impact of these upon your organisation. Discuss the most promising...

GovSec (Washington, DC, USA, May 13 - 15, 2013) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of...

cybergamut Technical Tuesday: Identifying TLS/SSL Encrypted Network Exploitation Activity Using Traffic Externals (Columbia, Maryland, USA, May 14, 2013) Jeff Kuhn of CACI describes recently completed CACI research using adaptive data analytics to distinguish encrypted exploitation activity from legitimate network traffic based on traffic externals in a...

Thriving in the Post-Sequestration GovCon Era (McLean, Virginia, USA, May 14, 2013) The Potomac Officers Club is hosting a summit for GovCon executives and government leaders to collaborate and share ideas on how to navigate a new era involving sequestration. At least five speakers, each...

Second Maryland Cybersecurity Center Symposium (MC2) (College Park, Maryland, USA, May 14 - 15, 2013) Drawing on regional experts of national and international acclaim, MC2's second Annual Cybersecurity Symposium will showcase the latest research, trends, and topics in cybersecurity, including: keynote...

FOSE (Washington, DC, May 14 - 16, 2013) FOSE is the premier event for government technology professionals interested in innovative, effective tools and solutions allowing you and your agency or organization to advance your mission. From IT managers...

7th Annual INSA IC Industry Day (Springfield, Virginia, USA, May 15, 2013) This annual event is held at the TS/SCI level in cooperation with ODNI as a comprehensive forum for IC leaders to relate their budget priorities to industry. The theme of this year's IC industry day is...

Hack Miami (Miami, Florida, USA, May 17 - 19, 2013) The HackMiami 2013 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools,...

CEIC 2013 (Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers.

IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers...

International Workshop on Cyber Crime (IWCC) (San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field...

Web 2.0 Security and Privacy (San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations...

Maryland/DC Celebration of International Trade (Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council this event is a content rich celebration of international...

IEEE-Cyber 2013 (Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.

Cyber Security @ CeBIT (Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend...

Private Sector Crossovers: Protecting People, Property and Information With its annual cyber conference on May 29, the Howard County Chamber of Commerce and its GovConnects initiative will offer expert speakers on cyber security and efforts to protect government agencies...

Cyber Security for the Chemical Industry (Frankfurt, Hessen, Germany, May 29 - 30, 2013) It is becoming more important than ever to be aware of the latest cyber threats, and equipped to protect your company from them. In addition to physical security, these industries are faced...

DGI Cyber Security Conference & Expo (Washington, DC, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will...
