skip navigation

More signal. Less noise.

Daily briefing.

It's pleasant to open with good news. OpUSA has clearly failed to achieve results beyond nuisance-level (and most of that nuisance was experienced outside the US). US banks, which Anonymous called out as particular targets, were notably exempt from disruption ("US Banks 1, Cyberhacktivists 0," as American Banker puts it). Ironically China may have suffered more in the campaign than the US. Anonymous itself shows symptoms of disruption: many adherents viewed the call to action as a provocation, and sat it out.

Sound encryption practices appear to have contained a data breach at Name.com, and Bank Austria also seems to have successfully mitigated an intrusion.

Other, smaller campaigns continue. Victims include Bangladesh's military academy, Malaysian opposition parties, the Netherlands' government, and New York motorists.

eBay customers are subjected to bogus help-chat that redirects to malware. A ransomware campaign appears in Germany. The Apache backdoor discovered last week continues to spread, and to redirect traffic to Blackhole and other exploit kits.

Lessons are drawn from recent attacks. The Onion (seriously) describes how the Syrian Electronic Army hijacked its Twitter account. The Department of Labor attack shows the threat of waterholing. The control system vulnerability Google researchers exposed in their own facility again points out the difficulty of patching such systems. Virtualization, important as it is, is no panacea, and treating it as such leads to lax security.

Singapore and India join the list of countries releasing cyber policy statements. It's noteworthy that both see labor force development as central to security.

Notes.

Today's issue includes events affecting Australia, Austria, Argentina, Bangladesh, Brazil, Canada, China, Colombia, France, Germany, India, Indonesia, Israel, Kenya, Maylasia, Netherlands, Peru, Romania, Russia, Singapore, Spain, Syria, Taiwan, Ukraine, United Kingdom, United States..

Cyber Attacks, Threats, and Vulnerabilities

'OpUSA' Cyber-Attacks Fail to Gather Momentum During First Day (eWeek) A few breaches and some Website defacements are the sum total of the first day of Operation USA, which aimed to "wipe you (America) off the cyber map." Hacktivists' threat to wreak digital havoc on U.S. government sites and financial institutions fell well short of the mark on May 7, the first day of the so-called "OpUSA" attack

DDoS Score: U.S. Banks 1, Cyberhacktivists 0 (American Banker) The online sites of the nation's biggest banks seem to be functioning without interruption following a hacktivist threat to launch a series of cyberattacks on financial institutions and government agencies. JPMorgan Chase (JPM), Bank of America (BAC), Citigroup (NYSE:C), Wells Fargo (WFC) and dozens of others ran mostly without digital delays on Tuesday, according to Sitedown.co, which tracks online outages

Thousands of Sites Hacked for OpUSA, but Not All Hacktivists Support the Campaign (Softpedia) Today, on May 7, several hacktivist groups from all around the world have launched OpUSA, an operation that represents a form of protest against the United States. The campaign, inspired by the recent OpIsrael, started a few hours ago and thousands of sites have already been hacked…According to a report published a few days ago by the US Department of Homeland Security (DHS), the agency is not really concerned with OpUSA either. The DHS believes the campaign will mostly consist of nuisance-level attacks. So far, it appears it is right. Of the thousands of sites hacked for OpUSA, most of them have nothing to do with the United States. Instead, they're commercial sites from Israel, Brazil, Argentina, Ukraine, the UK and other countries…Also, judging by the large number of Chinese government sites defaced as part of OpUSA, it's as if the hackers are doing the US a favor. Another noteworthy thing is that not all Anonymous hackers support OpUSA. Some hacktivists believe this operation is part of a conspiracy

Massive Coordinated Cyberattack "Hit List" (Market Oracle) Diane Alter writes: A group of mostly Middle East and North Africa based criminal hackers launched a cyber-attack campaign Tuesday that tested the cybersecurity of U.S. government agencies, financial institutions and commercial businesses. Dubbed OpUSA, the effort is the latest in a string of cyber-attacks on crucial U.S. entities aimed at slowing down or blocking these heavily trafficked sites

Hacking group warns of cyber attack on N. Korea (Arirang News) The international hacking group Anonymous has warned it will hack into several key North Korean websites next month. The group unveiled its list of North Korea

Name.com suffers breach, credit card data accessed, encryption in place (phew!) (Naked Security) Domain registrar and web hosting company Name.com, part of the Demand Media group, has suffered a data breach. Crooks have apparently made off with data up to and including credit card numbers…but it sounds as though everything was encrypted, which is a silver lining

Bank Austria suffers cyber attack, says clients unaffected (Reuters) Computer hackers penetrated systems at UniCredit subsidiary Bank Austria but were unable to break into client accounts, the bank said

Homemade Browser Targeting "Banco do Brasil" Users (TrendLabs Security Intelligence Blog) Cybercriminals in Brazil appear to have come up with a new tactic to lure users into giving up their login information. A few days ago, we found a post on a Brazilian forum offering a browser that could access the website of the Banco do Brasil without using the needed security plugin

Website of Bangladesh Military Academy Hacked (Softpedia) The official website of the Bangladesh Military Academy (bma.mil.bd) has been breached and defaced. Interestingly, the site has been hacked by two separate collectives

Malaysian election sparks web blocking/DDoS claims (The Register) Opposition leaders and human rights activists have warned that Malaysia's recent elections were tarnished with widespread web blocking and DDoS attacks designed to deprive voters of information about opposition coalition Pakatan Rakyat (PR) before going to the polls

Cyber attack targets Dutch government websites (AFP) Dutch government websites were paralysed for several hours overnight after a mass cyber attack which targeted several ministerial sites, a spokesman said on Wednesday. "The government's sites have been the target of a DDoS attack since

Cybercriminals impersonate New York State's Department of Motor Vehicles (DMV), serve malware (Webroot Threat Blog) Cybercriminals are currently spamvertising tens of thousands of bogus emails impersonating New York State's Department of Motor Vehicles (DMV) in an attempt to trick users into thinking they've received an uniform traffic ticket, that they should open, print and send to their town's court

Phishers target eBay customers via live chat support (Help Net Security) U.K.-based ISP Netcraft is warning users about phishers impersonating eBay's live chat support feature in the hopes of getting their hands on eBay users' login, personal and financial information

Porn-downloading ransomware targets German users (Help Net Security) The German Anti-Botnet Advisory Centre is warning (in German) users about a new ransomware / BKA Trojan variant that accuses users of being involved in the reproduction of pornographic material involving minors

Hackers Steal Cash from Bank ATMs (The Commercial Appeal) The hackers often struck late on Fridays, starting about a year ago, sending skeleton crews at more than a dozen European banks rushing to keep bombardments of digital gibberish from crashing their websites. Damaging as the bandwidth-choking attacks were, they were merely smokescreens. Once employees dropped their guard to fight one attack, hackers struck again, exploiting the openings to steal account information and create counterfeit debit cards

Backdoor targeting Apache servers spreads to nginx, Lighttpd (Help Net Security) Last week's revelation of the existence of Linux/Cdorked.A, a highly advanced and stealthy Apache backdoor used to drive traffic from legitimate compromised sites to malicious websites carrying Blackhole

A closer look at the malicious Redkit exploit kit (Naked Security) In the second technical article of this series, Fraser Howard investigates deeper into the workings of Redkit exploit kit. Learn more about the internals of this kit; bypassing of security mechanisms within Java, the use of file encryption, and delivery of multiple payloads

No joke: The Onion tells how Syrian Electronic Army hacked its Twitter (Ars Technica) Phishing attack, grabbing of Google credentials from employees exposed accounts

Department Of Labor Attack Points To Industry Weaknesses (Dark Reading) Security pros say latest watering hole attack patterns expose the 'ecosystem of mediocrity' set out by today's baseline of protection. As researchers dig deeper into a Department of Labor (DOL) attack that some say was the front end of a watering hole attack designed to infect sensitive targets within the Department of Energy, the industry is learning more about the advanced patterns of attack that black hats are using to strike out at very specific targets

Lesson from the Google office hack: Do not trust third-parties (CSO) Many Tridium Niagara systems in use today are left unpatched, and the company acknowledges there's a problem with update deployments

Organizations failing to secure primary attack target (Help Net Security) Despite repeated warnings, a majority of organizations are failing to enact recommended best practice security policies around one of the primary targets of advanced attacks – privileged accounts. According to the results of Cyber-Ark Software's global IT security survey, 86 percent of large enterprise organizations either do not know or have grossly underestimated the magnitude of their privileged account security problem, while more than half of them share privileged passwords internally

CIOs fail to protect mainframe customer testing data (CSO) A fifth of CIOs (20 per cent) admit to not masking or protecting their customer data before providing it to outsourcers for mainframe application testing purposes. On the other end of the spectrum, 82 percent of companies that do mask their customer data before providing it to outsourcers describe the process as "being difficult"

Advanced Persistent Threats: The New Reality (Dark Reading) Once rare and sophisticated, the APT is now becoming a common attack. Is your organization ready

Security practices wanting in virtual machine world, survey finds (CSO) While organizations have been hot to virtualize their machine operations, that zeal hasn't been transferred to their adoption of good security practices, according to a survey released on Wednesday. Nearly half (42 percent) of the 346 administrators participating in the security vendor BeyondTrust's survey said they don't use any security tools regularly as part of operating their virtual systems, and more than half (57 percent) acknowledged that they used existing image templates for producing new virtual images

Nordstrom tracking customer movement via smartphones' WiFi sniffing (Naked Security) The department store has installed sensors in 17 US stores to collect information from customers' smartphones as those phones automatically scan for WiFi service. Nordstrom promises it's keeping the data anonymous

"De Flashing" the ISC Web Site and Flash XSS issues (Internet Storm Center) You may have noticed that earlier today, I removed the flash player that we use to play audio files on our site. The trigger for this was a report that the particular flash player we use (an open source player usually used with Wordpress) is suscepible to cross site scripting [1][2]. Instead of upgrading to the newer (patched) version, we instead decided to remove the player

China isn't wrong to call the US "the real hacking empire" (Quartz) The cyberwar between China and the US has spread from computers into the halls of diplomacy. In a report this week, the Pentagon said for the first time that the Chinese government and military have been launching cyber attacks against the US. Today, Chinese state media called the US "the real hacking empire" and said the country has "an extensive espionage network."

Security Patches, Mitigations, and Software Updates

Spotify Fixes Security Hole that Allowed Free Song Downloads (Threatpost) One of the largest online music streaming services was briefly singing a different tune after learning a new Google Chrome plug-in allowed users to download copies of songs for free. Google this week pulled from its Chrome Web Store the browser extension known as Downloadify, which exploited a vulnerability in Spotify's web player to allow

Microsoft rushes out CVE-2013-1347 "Fix it" for the latest Internet Explorer zero-day (Naked Security) The recent and widely reported US Dept of Labor website hack turned out to be a zero-day exploit against IE. Good news! Microsoft just published an emergency "Fix it" patch against the vulnerability

Cyber Trends

Cyberwar is breaking out all over (MSN Money) Costly and dangerous attacks on government and corporate computer systems are soaring. The Pentagon alone wants $4.7 billion to combat them. History may remember this week as the moment when the shadowy concept of cyberwar between countries went public

Lack of standards, interoperability problems holding M2M back (FierceMobileIT) A full 86 percent of wireless industry executives surveyed by IHS Research identified lack of standards, diverse architectures and interoperability problems as the top challenges to mass machine-to-machine communications adoption

Mobile devices, M2M flooding enterprises with unstructured data (FierceMobileIT) As a result of the flood of data generated by mobile devices and machine-to-machine communications, enterprises are struggling to keep up with data collection and analysis. However, unless the data is collected and analyzed, it is useless for senior executives to make decisions. That is where big data projects come in

Marketplace

IBM opens its first East Africa innovation center in Nairobi (PC Advisor) The facility is IBM's 41st global innovation center. Continuing a series of investments in East Africa and Kenya, IBM has opened a global innovation center in Nairobi, targeting startups and businesses interested in expanding

TASC unveils new cybersecurity lab in San Antonio (Washington Business Journal) TASC started its San Antonio operation is 1996. It has more than 100 scientists and engineers working in cybersecurity, bio-sciences and intelligence

Products, Services, and Solutions

New Tool Focused On Removing The Overhead And Complexity Of Code Reviews (Dark Reading) Klocwork Cahoots simplifies the code review process. Klocwork Inc, the global leader in automated source code analysis (SCA) solutions for developing more secure software, today announced Klocwork Cahoots, a flexible and easy-to-use peer code review tool that simplifies the code review process. Language-agnostic and designed for development teams of all sizes, Klocwork Cahoots fits into the developer workflow to ensure code reviews are both effective and fast

WatchGuard Expands Network Security Support For Microsoft Hyper-V Customers (Dark Reading) Today at Interop 2013, WatchGuard Technologies, a global leader in manageable business security solutions, announced it is expanding its network security offerings for customers using Microsoft Hyper-V virtualized environments

Triumfant Launches Its First Monitored Service Solution For Advanced Malware Detection And Remediation (Dark Reading) Triumfant collects all malicious activity on the endpoint and provides a detailed analysis leading to remediation

Malwarebytes adds antivirus scanning to cloud backup software (ComputerWorld) Left-field antivirus firm Malwarebytes has launched the first ex-beta version of Secure Backup, a cloud security system designed to scan users' files for infection before storing them in the cloud

WePay Debuts Veda, An Intelligent Risk Engine That Leverages Social Media Data To Prevent Merchant Fraud (TechCrunch) Online payments startup WePay is announcing the launch of Veda, an intelligent social risk engine that leverages social media data as well as traditional business data to catch merchant fraudsters

Check Point Introduces 600 Series Security Appliances for SMBs (eWeek) Web security specialist Check Point Software Technologies launched its 600 ... to medium-size businesses (SMBs) against cyber attacks, including viruses

Qosmos Integrates Cavium Chips (Light Reading) Qosmos, the market leader in embedded Deep Packet Inspection (DPI) and Network Intelligence (NI) technology, today announced full integration with the latest generation of Cavium OCTEON II processors. This results in a best-of-breed

Symantec SSL Certificate Enhanced Cryptography Claimed 10K Times Stronger (Dazeinfo) It is now providing its customers with SSL certificate which is created by multiple algorithms including Elliptic Curve Cryptography (ECC) and Digital Signature Algorithm (DCA), which will not only beat the traditional approach but also is 10,000 times

The Kwikset Kevo lock opens at your touch (CSO) New deadbolt turns your smartphone into a virtual key

6 Super Security Freebies (PCWorld) Secunia PSI examines your system for programs that need security updates, and points you to the required patches. Software updater: Now that almost every PC

Procera Beefs Up Network Analytics (Light Reading) Procera Networks, Inc. (NASDAQ: PKT), the global network intelligence company, today announced the availability of Dynamic LiveView, the industry's first real-time, dynamic query capability for network analytics. Procera's first-to-market capability

Technologies, Techniques, and Standards

Five Questions To Ask When Choosing A Threat Intelligence Service (Dark Reading) Threat intelligence services are becoming an essential weapon in the enterprise security arsenal. Do you know how to choose one? Today's emerging threat intelligence services have the potential to change the way enterprises measure security risk and prepare their defenses for the next wave of attacks. If you subscribe to the Art of War's mantra, "know your enemy," threat intelligence is a key weapon in any IT security arsenal. As they hit the market, however, it's becoming painfully clear that there is a huge disparity between the offerings that vendors are calling "threat intelligence service." Some of them are single-source RSS feeds, not too much different than what you might get from CERT (or even Dark Reading). Others are in-depth analytical services that can not only report and analyze the threats, but also tell you how they might affect your specific IT environment

Panic Now (Dark Reading) "The auditors are coming! The auditors are coming!" If your organization is prepared for an audit with little notice, you have my congratulations and highest regard, because you are a person of rare foresight

How Not To Look Stupid On Twitter (TechCrunch) When the AP Twitter stream was hacked a few weeks ago leading to a massive drop in the equities market, I went off. I found the fact that the AP – a news organization staffed by intelligent people and with a long history of adapting to new media – could be hacked through a phishing attack was unconscionable. It would be like Bank of America being hacked by a group of script kiddies

You're doing passwords wrong. Here's how to make them uncrackable. (IT World) For years now I've harangued relatives about their shoddy password practices. Either they use easily-hacked passwords or forget the passwords they've created--sometimes both. If you won't take it from me, beloved family, consider this Password Day (yes, apparently it's a thing) statement from McAfee's Robert Siciliano: "74% of Internet users use the same password across multiple websites, so if a hacker gets your password, they now have access to all your accounts. Reusing passwords for email, banking, and social media accounts can lead to identity theft and financial loss."

Three Reasons Why a One-Size-Fits-All Secure SDLC Solution Won't Work (infosec island) When we ask security contacts at our enterprise clients What software development methodology does your company use? - they usually pause for a moment and answer everything.Individual development teams tend to adopt processes that work best for them. Heterogeneous development processes wreak havoc on plans for adopting enterprise-wide secure SDLC efforts. There are at least three reasons why development teams within the same company have different development styles, including

Do You Have a Vendor Security Check List? You Should! (infosec island) So a vendor calls you and wants to sell you a new application for your organization that will help you to be more secure and increase productivity they claim. Good thing you have that vendor security checklist so that you can see if this new application and vendor conforms to the security controls that your organization has put in place. Wait, you don't have a checklist or know what one is? Let me help you with that. A security check list is a list of security controls that a vendor or application

Use These Secret NSA Google Search Tips to Become Your Own Spy Agency (Wired) The book was published by the Center for Digital Content of the National Security Agency, and is filled with advice for using search engines, the Internet Archive and other online tools. But the most interesting is the chapter titled "Google Hacking

Research and Development

Quantum key air to ground transmission could be future of cryptography (Gizmag) For the first time, quantum cryptographers have successfully transmitted a quantum key from a fast-moving object – a Dornier 228 turboprop. The experiment involved sending a secure message from the aircraft to a ground station via laser beam, and can

Google's Schmidt: what we need is an internet "Delete" button (Naked Security) There are two things we humans could do to wipe clean our internet data tracks. To wit: (1) Get everybody to legally change their names at the age of 18, or (2) Create an internet "Delete" button

Academia

Oxford and Royal Holloway to train cyber security graduates (EPSRC) Two new Centres for Doctoral Training (CDTs), that will provide the UK with the next generation of researchers and leaders in cyber security, are announced today by Minister for Universities and Science, David Willetts

Introducing digital forensics in schools key to cybersecurity's future (ZDNet) Vrizlynn Thing, acting head of Singapore's cybercrime research department, is pushing for digital forensics to be taught in schools, to help address the shortage of talent amid the rising incidence of cyberattacks

Cyber Security Challenge (Swinburne University Media Centre) The Swinburne B team was the best of the Victorian teams in the Cyber ... Dr James Hamlyn-Harris, said Swinburne, which entered three teams in CySCA 2013

UNSW wins Cyber Security Challenge Australia (ComputerWorld) Forty-three teams tested the networks and hardware of a fake company over 24 hours. A team of students from the University of New South Wales will be off to the US Black Hat Security conference in July after winning the annual Cyber Security Challenge Australia (CySCA)

UK universities get £7.5m cyber security research funding (Computer Weekly) Oxford University and London University will receive £7.5m government funding for cyber security research

Legislation, Policy, and Regulation

'Fresh proposals' planned over cyber-monitoring (BBC) Fresh proposals to investigate crime in cyberspace are being promised, after the so-called "snoopers' charter" was dropped from the Queen's Speech. The measures to be brought forward would help protect "the public and the investigation of crime in cyberspace". The main plan is to find a way to more closely match internet protocol (IP) addresses to individuals, to identify who has sent an email or made a call

New Zealand isn't exactly outlawing software patents—it's doing something more interesting (Quartz) Despite what you may have read, New Zealand is not "banning" software patents. Indeed, the country has never explicitly allowed the patenting of software in the first place, and excluding software from patentability would violate New Zealand's international patent obligations. Instead, today's amendment to the country's in-progress patents bill skirts international law in a creative way: the country's government will instead declare that software is simply not an invention in the first place

Government approves National Cyber Security Policy (Times of India) The government approved the National Cyber Security Policy that aims to create a secure computing environment in the country and build capacities to strengthen the current set up with focus on manpower training. The Cabinet Committee on Security (CCS) approved the policy which stresses on augmenting India's indigenous capabilities in terms of developing the cyber security set up

A National Security Imperative: Protecting Singapore Businesses From Cyber-Espionage (Eurasia Review) But this is not only an economic issue to be left to private companies to deal with: Joel Brenner, former inspector general of the U.S. National Security Agency, rightly argues that the boundary between economic security and national security has

Senate Bill Calls For 'Watch List' Of Nations Cyberspying On US, Trade Sanctions (Dark Reading) The Deter Cyber Theft Act specifically requires that the U.S. National Director of Intelligence to create a "watch list" of nations engaged in cyberespionage activity against the U.S. and a priority list of the "worst offenders"

Advanced Cyber Attack Tools Seen Available to Hackers (Bloomberg) Advanced cyber attack tools have become readily available for use by foreign governments and terrorists to infiltrate or cripple U.S. computer networks, two federal law enforcement officials told a congressional panel. Dozens of countries now have

Symantec advises Senate on complexity of cyber threats (USA Today) Symantec's government policy vice president Cheri McGuire brought a summary of the antivirus giant's rich metrics showing the intensity and pervasive nature of daily cyber attacks to a U.S. Senate hearing today. Sen. Sheldon Whitehouse (D-R.I.)

How to end content piracy right now (FierceContentManagement) The key to stopping content piracy isn't tougher laws or other over-the-top government intervention. It's actually pretty simple. If you provide a reasonably priced, legal alternative, most people will use it and traffic to sites that typically host pirated content goes down

Litigation, Investigation, and Law Enforcement

Cybercriminals Capitalizing on Ineffective Law Enforcement in Latin America (SecurityWeek) Cyber-criminals are increasingly setting up shop in Latin American and the Caribbean to take advantage of low security awareness among users and ineffective law enforcement, according to a recent report from Trend Micro

Judge Allows Evidence Gathered From FBI's Spoofed Cell Tower (Wired) An Arizona judge has denied a motion to suppress evidence collected through a spoofed cell tower that the FBI used to track the location of an accused identity thief

Network Solutions seizes over 700 domains registered to Syrians (Ars Technica) Domain names pointed mostly to sites hosted in Damascus taken under embargo rules

Taiwan Police Arrest Man Suspected of Hacking Popular Music Website (Softpedia) Police in Taiwan seem to be pretty efficient when it comes to identifying and apprehending cybercriminals. The second possibility is that Taiwanese hackers don't really know how to hide their tracks, allowing authorities to easily identify them

Another Romanian National Accused of Hacking Subway Computers Pleads Guilty (Softpedia) 29-year-old Romanian national Adrian-Tiberiu Oprea, accused of participating in the massive payment card data theft scheme that targeted the point-of-sale (POS) systems of hundreds of US merchants, has pleaded guilty to the charges brought against him

Dutchman appears for 'biggest ever' cyber attack (Sydney Morning Herald) A Dutchman arrested in Spain in connection with an unprecedented cyber attack has been extradited to the Netherlands where he appeared before a judge, Dutch prosecutors say. The attack has been

FBI says it doesn't need a warrant to snoop on private email, social network (ZDNet) The U.S. Federal Bureau of Investigation is able read your emails, Facebook chats, Twitter messages and other private documents without the need for a search

Head Of PCeU British Cyber Police To Quit Force (TechWeek) Charlie McMurdie tells TechWeek it is the right time to go, ahead of PCeU's merger with SOCA. The chief of the Police Central e-Crime Unit (PCeU), the division of the Metropolitan Police dealing with national digital threats, is to leave the force ahead of a major shake up of British cyber policing, TechWeekEurope has learned

Few businesses appear ready to defend themselves from cybercrime, report finds (Calgary Herald) Few companies may be ready to handle an attack from criminals lurking in cyberspace, and fewer know about the government's three-year-old cyber-security efforts, according to a national study. The study's authors concluded that results, while only a small snapshot of the millions of businesses big and small in Canada, point to gaps in how companies protect themselves from cybercrime, a finding that could be chalked up to little monetary damage to companies that fall victim to hackers

Testifying on cybersecurity before the Senate Judiciary Committee (Volokh Conspiracy) I'll be testifying this morning before the Senate Judiciary Committee's subcommittee on crime and terrorism. My testimony will touch on the Attribution Revolution in cybersecurity, the need to move from attribution to creative forms of retribution, and the need to give victims more leeway to investigate the hackers who attack them

Justice Dept. position on ECPA warrant requirement unclear, says ACLU (FierceGovernmentIT) Justice Department documents obtained through the Freedom of Information Act suggest that some U.S. attorneys may continue to authorize law enforcement access to opened emails less than 180 days old without first obtaining a warrant, says the American Civil Liberties Union

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes,...

ITWeb Security Summit 2013 (Sandton, South Africa, May 7 - 9, 2013) A conference devoted to cyber security, with a particular emphasis on countering the latest attack vectors. The gathering creates an opportunity for senior security professionals and business decision-makers...

The Computer Forensics Show (New York City, New York, USA, May 8 - 9, 2013) For IT and business executives responsible for creating, implementing, and managing a proactive and comprehensive IT strategy for information security, risk management, compliance, and business continuity...

ASIS 23rd New York City Security Conference and Expo (New York City, New York, USA, May 8 - 9, 2013) Join more than 2,500 professionals in the Big Apple for the largest annual conference in the Northeast for security management and law enforcement professionals. This exciting event will focus on key challenges...

Software Engineering Institute Invitational Hiring Event (Arlington, Virginia, USA, May 8 - 9, 2013) Attention software engineers and cyber security professionals: Carnegie Mellon's Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on...

Baltimore Tech-Security Conference (Baltimore, Maryland, USA, May 9, 2013) The Baltimore Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...

CyberSecurity UAE Summit 2013 (Dubai, UAE, May 13 - 14, 2013) Review developments, strategies and best practice in global cyber security. Assess the nature of the latest threats being faced and the impact of these upon your organisation. Discuss the most promising...

GovSec (Washington, DC, USA, May 13 - 15, 2013) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of...

cybergamut Technical Tuesday: Identifying TLS/SSL Encrypted Network Exploitation Activity Using Traffic Externals (Columbia, Maryland, USA, May 14, 2013) Jeff Kuhn of CACI describes recently completed CACI research using adaptive data analytics to distinguish encrypted exploitation activity from legitimate network traffic based on traffic externals in a...

Thriving in the Post-Sequestration GovCon Era (McLean, Virginia, USA, May 14, 2013) The Potomac Officers Club is hosting a summit for GovCon executives and government leaders to collaborate and share ideas on how to navigate a new era involving sequestration. At least five speakers, each...

Second Maryland Cybersecurity Center Symposium (MC2) (College Park, Maryland, USA, May 14 - 15, 2013) Drawing on regional experts of national and international acclaim, MC2's second Annual Cybersecurity Symposium will showcase the latest research, trends, and topics in cybersecurity, including: keynote...

FOSE (Washington, DC, May 14 - 16, 2013) FOSE is the premier event for government technology professionals interested in innovative, effective tools and solutions allowing you and your agency or organization to advance your mission. From IT managers...

7th Annual INSA IC Industry Day (Springfield, Virginia, USA, May 15, 2013) This annual event is held at the TS/SCI level in cooperation with ODNI as a comprehensive forum for IC leaders to relate their budget priorities to industry. The theme of this year's IC industry day is...

Hack Miami (Miami, Florida, USA, May 17 - 19, 2013) The HackMiami 2013 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools,...

CEIC 2013 (Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers.

IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers...

U.S. Department of State Mobile Computing Forum (Washington, DC, USA, May 23, 2013) The U.S. Department of State's Bureau of Information Resource Management will host an educational forum and IT Expo, themed "Mobile Computing," reflecting their mission to empower diplomacy, consular services...

International Workshop on Cyber Crime (IWCC) (San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field...

Web 2.0 Security and Privacy (San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations...

Maryland/DC Celebration of International Trade (Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council this event is a content rich celebration of international...

IEEE-Cyber 2013 (Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.

Cyber Security @ CeBIT (Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend...

Private Sector Crossovers: Protecting People, Property and Information (, January 1, 1970) With its annual cyber conference on May 29, the Howard County Chamber of Commerce and its GovConnects initiative will offer expert speakers on cyber security and efforts to protect government agencies...

Cyber Security for the Chemical Industry (Franfurt, Hessen, Germany, May 29 - 30, 2013) It is becoming increasingly more important than ever to be aware of the latest cyber threats, and equipped to protect your company from them. In addition to physical security, these industries are faced...

DGI Cyber Security Conference & Expo (Washington, DC, 2013, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.