skip navigation

More signal. Less noise.

Daily briefing.

The Assad regime has deployed thirty-four Blue Coat servers to perform deep-packet inspection on Syrian Internet traffic.

The scope and persistence of the ongoing cyber espionage campaign apparently directed by India continue to surprise as new digitally signed Mac spyware is detected. [Update 2.11.14: Text on Indian company involvement withdrawn by source. 022014-001]

The US Department of Homeland Security, in bad news for anyone with a security clearance, is warning employees and contractors that vulnerable clearance processing software an unnamed vendor used has exposed personal information. The vulnerability, now closed, had existed since July 2009.

ZeuS/ZBOT variants resurface with new features. Researchers will show (at Black Hat) how to bypass BIOS security. Google researchers say they've found privilege escalation vulnerability in Microsoft Windows. Ransomware spikes worldwide.

The usual squalid spoor of hacktivist vandalism defiles Eastern European and Mediterranean sites.

Chinese hacking seems to have escaped central control, with a thriving bandit sector that suggests a small-scale reversion to warlordism. Espionage and cybercrime will be central topics of discussion in upcoming Sino-American talks, with the US complaining about the former and offering help against the latter. (Many observers note that the US is no naïf here—it's been a malware buyer.)

Policymakers in the US, South Africa, India, and Australia grapple with approaches to cyber security. In the US, the Government seeks more information sharing, which industry at some level wants, while fearing intrusive and commerce-throttling regulation. The security of the energy sector is of particular concern, as fears of Iranian cyber attack rise.

Notes.

Today's issue includes events affecting Algeria, Australia, Belarus, China, Croatia, Germany, India, Iran, Democratic People's Republic of Korea, South Africa, Syria, Tunisia, Turkey, United Kingdom, United States..

Cyber Attacks, Threats, and Vulnerabilities

Syria using 34 Blue Coat servers to spy on Internet users (TrustLaw) The servers are using DPI (Deep Packet Inspection) technology to analyse and control the activities of Syrian Internet users - censuring websites, intercepting emails, obtaining details of sites visited and so on. As the Assad regime recovers territory

Researchers find more versions of digitally signed Mac OS X spyware (CSO) The malware is connected to Indian cyberespioange operation and has been active since at least December 2012, researchers say. Security researchers have identified multiple samples of the recently discovered "KitM" spyware for Mac OS X, including one dating back to December 2012 and targeting German-speaking users. KitM (Kumar in the Mac), also known as HackBack, is a backdoor-type program that takes unauthorized screen shots and uploads them to a remote command-and-control (C&C) server. It also opens a reverse shell that allows attackers to execute commands on the infected computers

India likely source of multination cyberspying (USA Today) A multi-national cyberspying onslaught, carried out over three years against companies and agencies in a dozen nations, has been uncovered by Norwegian security vendor Norman Shark and San Diego-based antivirus maker ESET

Thousands of DHS Personnel Notified of Data Breach (Threatpost) The Department of Homeland Security this week began notifying up to tens of thousands of employees, contractors and others with a DHS security clearance that their personal data may be at risk. The notifications began on Monday, according to an online statement, after officials learned of a vulnerability in software used by a vendor to process personnel background investigations. The security vulnerability apparently has existed since July 2009 and the exposed data includes names, Social Security numbers and dates of birth. The security hole was sealed immediately

ZeuS/ZBOT Malware Shapes Up in 2013 (TrendLabs Security Intelligence Blog) The notorious info-stealing ZeuS/ZBOT variants are reemerging with a vengeance, with increased activity and a different version of the malware seen this year. In our 2013 Security Predictions, we predicted that cybercrime will be characterized by old threats resurfacing, but with certain refinements and new features in tow. The 1Q of the year proved this thesis, as seen in threats like CARBERP and Andromeda botnet

BIOS Bummer: New Malware Can Bypass BIOS Security (Dark Reading) Researchers expect to release proofs-of-concept at Black Hat that show how malware can infect BIOS, persist past updates, and fool the TPM into thinking everything's fine. As more hardware vendors seek to implement the new NIST 800-155 specification that was designed to make the start-up BIOS firmware on our PCs and laptops more secure, they may need to rethink the security assumptions upon which the standard depends. A trio of researchers from The MITRE Corp. say that the current approach relies too heavily on access control mechanisms that can easily be bypassed

Google researcher reveals another Windows 0-day (Help Net Security) Tavis Ormandy - the Google researcher known for discovering a slew of Windows, Java and Flash Player vulnerabilities and zero-days and his combative attitude regarding the "responsible disclosure" policy

Microsoft brushes off claim Xbox Live accounts were compromised (CSO) Microsoft brushed off a dubious hacker's claim on Thursday that he stole 47 million account credentials for Microsoft's Xbox Live gaming service. The hacker, who goes by the Twitter handle "@Reckz0r," wrote on Pastebin that Microsoft stored the login credentials in plain text. The data included email addresses and passwords, he added

Researcher Unlocks Samsung Galaxy S4 Bootloader for AT&T, Verizon Android Phones (Threatpost) A researcher has unlocked the bootloader on Samsung Galaxy S4 Android devices, enabling the uploading of custom kernels and software

Recent spike in FBI Ransomware striking worldwide (Webroot Threat Blog) Recently we have seen a spike of this ransomware in the wild and it appears as though its creators are not easily giving up. This infection takes your computer hostage and makes it look as though the authorities are after you, when in reality this is all just an elaborate attempt to make you pay to unblock your computer

49 Israeli Websites Hacked by The key40 from Algeria (Hack Read) An Algerian hacker going with the handle of 'the key40′ has hacked and defaced total 49 Israeli websites. The sites were left with not one but several partially deface pages and messages against Israel, favoring Palestinians, such as

Honda Belarus Breached, Accounts and Data leaked by @Ag3nt47 (Cyberwarzone) Earlier today hacker @ag3nt47 announced that they were sick of Honda ads (sponsored tweets) on twitter and that they would be hacked

Syndicasec in the Sin Bin: targeted espionage malware in action (We Live Security) Malware researchers receive so many malicious code samples every day that prioritization for deep examination becomes an important part of the analysis process. In some instances, it is easier to decide than others. Such is the case for a sample we recently came across here at ESET named Win32/Syndicasec.A, for which the decision was pretty easy, for a variety of reasons:Our telemetry systems show that the infection scale is extremely small and strictly limited to Nepal and China

Event ticketing company hacked, at least tens of thousands affected (SC Magazine) After a server attack, tens of thousands of customers, who used the services of Boston-based online ticketing company Vendini, had their financial and other sensitive information exposed

The wide world of hacking in China (CNet) CNetChina has been cited as allegedly hacking into U.S. government and corporate networks for years now. Generally, the thinking has been that the government is the only entity in the country actively hacking. But a new report seems to indicate that's not even close to the truth.The News York Times on Thursday released a report on hacking across China. The Times found that not only does hacking occur at the highest levels of the government, but that everyone on down from local law enforcement

Chinese hackers advertise HACKS FOR SALE (Cyberwarzone) Chinese hackers openly advertise on IT fairs.A good hacker in China earned $ 100,000 a year. The skill to penetrate into foreign systems, IT security trade fairs advertised openly and taught at universities.Hackers company praise on an IT Security Expo in Beijing to open their services. As the New York Times journalist Edward Wong reports , sales professionals from companies such as Nanjing XHunter software advertise that they attack every computer in China, copy the contents of the hard drive

Mandiant: Report Sending Chinese Cyberattackers Back To The Drawing Board? (CRN) A Mandiant report that tied China to a cyberespionage operation and exposed how it infiltrated more than 100 businesses has significantly impacted the group's campaign, decreasing attacks and possibly forcing the group to turn to alternative methods

Iran Hacks Energy Firms, U.S. Says (Wall Street Journal) Unlike those, the more recent campaigns actually have broken into computer systems to gain information on the controls running company operations and, through reconnaissance, acquired the means to disrupt or destroy them in the future, the U.S. officials said. In response, U.S. officials warn that Iran is edging closer to provoking U.S. retaliation

The dangers of downloading software from unofficial sites (Help Net Security) Because malware peddlers often bundle their malicious wares with legitimate software, downloading anything from unofficial download sites is a bit like playing Russian roulette: a click and the game

Why Twitter's two-factor authentication isn't going to stop media organisations from being hacked (Naked Security) Twitter's new two factor authentication system will be welcomed by some users, but ignored by others who will find it a nuisance. Notably, it's unlikely to be much use at all to media companies who have suffered at the hands of hackers, as Graham Cluley explains

Twitter's two-step authentication a good start, experts say (CSO) For celebrities and the average Joe, having two-factor authentication turned on won't protect them against determined hackers, however. While experts praise Twitter's decision to provide accountholders with two-factor authentication, they warn that additional security will still be needed to prevent the hijacking of high-profile accounts

Compromised Devices of the Carna Botnet (AusCERT) What is the Internet Census 2012

Cyber Trends

Fight Against Cyber-Crime Is On The Right Track, According To PandaLabs Q1 Report (Dark Reading) Major organizations such as the BBC or Burger King saw their Twitter accounts hacked. PandaLabs, Panda Security's anti-malware laboratory, has published its Quarterly Report for Q1, analyzing the IT security events and incidents from January through March 2013. Despite the numerous security incidents that took place during the first quarter of the year, the fight against cyber-crime looks to be on the right track, and though there is still a long way to go, international co-operation among security agencies is beginning to pay off and criminals around the world are being brought to justice

Cybersecurity awareness week: be aware you're being lied to (Crikey) It's cybersecurity awareness week. So you should be aware that you're being lied to about cybercrime, who's behind it, and how your rights and freedoms are under threat

Infectious Computer Worms Are Sucking Energy and Money From Companies (Forbes) The analysis, titled Electric Grid Vulnerability, goes on to say that the U.S. Department of Homeland Security has processed 68 percent more cyber-incidents in 2012 involving federal agencies than it did in 2011. The report references one U.S. utility

US fears irrational hackers (TechEye) The sort of attack they could carry out is like the one found by the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team, known as ICS-CERT. A flaw was found in equipment from Germany's TURCK, which is used

Is protecting intellectual property from cyber thieves futile? (CNET) "The frustration for me is that in the U.S., parties who have valuable intellectual property are not adequately protecting their data," said Richard Marshall, former director of Global Cyber Security Management for the Department of Homeland Security

Only 36% of small firms apply security patches. No wonder cybercrooks are stealing their cash (Naked Security) Small businesses are under constant attack from malware, scams and online fraud. They are simply woefully under-prepared to keep their assets safe. Despite reorganisation and redirected priorities, the police can still do little to help. Here are some general tips from the FSB to help firms better

Marketplace

How to Win Contracts When Lowest Price Is the Highest Measure (SIGNAL Magazine) The lowest price technically acceptable (LPTA) acquisition strategy, which focuses on price over value, has become the dominant approach that agencies are applying to federal contracting. The accelerated transition to this strategy has been fueled by sequestration and the growing need for government to do business at a reduced cost. Contractors are still learning how to operate in this new environment, but many fear that the emphasis on lower cost labor will reduce the expertise of the work force and result in lower levels of effort

GAO: Military Propaganda Efforts Flawed (USA Today) Pentagon propaganda programs are inadequately tracked, their impact is unclear, and the military doesn't know whether it is targeting the right foreign audiences, according to a government report obtained by USA TODAY

GSA, Telecom Firms Sign Govt-Wide Mobile Service BPA (GovConWire) Kay Kapoor AT&T (NYSE: T) Sprint (NYSE: S), T-Mobile and Verizon (NYSE: VZ) have signed a blanket purchase agreement with the General Services Administration to centralize service plans for agencies under one government-wide purchasing vehicle

M&A in big data security (FierceBigData) Blue Coat Systems is a security company that likes to consider security as a means to an end, which is to ultimately provide business value. It calls its product set business assurance technology. This week, the company added to its means by announcing its intention to acquire Solera Networks, a big data security intelligence and analytics company, for an undisclosed sum

Big data's creating more jobs than we can fill (FierceBigData) Talent shortages may persist in the big data market, but at least companies are beginning to understand what skills they need. Over the next two years, companies in the United States will be looking to fill 1.9 million technical positions, mostly analytical, according to Gartner. There will be another 2 million worldwide

David Keffner Named SRA Corporate Controller (GovConWire) David Keffner, a former business group chief financial officer at SRA International, has been promoted to corporate controller at the Fairfax, Va.-based technology services contractor. Keffner will be responsible for financial planning and analysis, treasury and corporate accounting in his new position, SRA said Wednesday

Products, Services, and Solutions

MoVP II (Internet Storm Center) Volatility is a Python framework for performing memory forensics. If you haven't tried it yet I highly recommend it. The Volatility Month of Volatility Plugins II is on! As announced here Volatility 2.3 is entering beta and the second MoVP (Month of Volatility Plugins) has started and is actually in their second installment. Some very exciting new stuff

NetAbstraction and Light Point Security have signed a partnership agreement to offer virtualization and cloud technologies to protect customer's online activity. (PRNewsWire) NetAbstraction combines their next-generation secure network with Light Point Security's first and only server-based virtual-machine-in-a-browser

A Privacy App That Ensures Personal Data Really Disappears (Entrepreneur) Files are never stored; they are completely overridden, cleared of metadata and encrypted with the same security technology employed by the National Security Agency. The free version allows users to send messages that can be kept for up to five days

Sophos RED scoops "Protector Award" at this year's AusCERT conference (Naked Security) We're proud to say that at this evening's 2013 Information Security awards at the AusCERT conference in Australia, Sophos scooped the "Protector Award" with its Sophos RED product. Paul Ducklin says, "Well done" to the techies behind the technology

OnRamp Addresses Recent Cloud Security Concerns with Private Cloud Solutions Designed to Mitigate Security Risks (DigitalJournal.com) Although there are many risks associated with the cloud in general, in a recent report released by the Cloud Security Alliance (CSA) titled The Notorious Nine: Cloud Computing Top Threats in 2013

FireEye Supports Compliance With Latest NIST Privacy Controls (MarketWatch) FireEye®, Inc., the leader in stopping today's new breed of cyber attacks, today announced that its

Twitter Two-Factor Security Combats Takeovers (InformationWeek) Authentication measure comes in wake of Syrian Electronic Army account hacks, further security steps coming

Technologies, Techniques, and Standards

The secret to getting engineers to be more charismatic (Quartz) The idea that qualities like charisma or leadership can be taught is fairly new. Sixty years ago, science dictated that social skills were innate; somebody like Olivia would have been better off seeking a profession in which she could mostly avoid people

Security Pros Fail In Business Lingo (Dark Reading) Non-executive-level security professionals just aren't communicating well or coherently with senior executives, a new survey shows.That's in contrast to their superiors on the executive side of the security house, who appear to have somewhat hacked the proper business language and perspective: While about 38 percent of non-exec security pros say they use business-oriented language when they communicate with corporate execs, nearly half of exec-level security pros say they do

Is it time to professionalize information security? (Help Net Security) The issue of whether or not information security professionals should be licensed to practice has already been the topic of many a passionate debate. I think it is time to examine the question again

Beware Of The 'Checklist' Penetration Tester (Dark Reading) If your penetration tester has an overreliance on checklists, he or she is a novice. In the hands of a novice tester, checklists are treated as both the start and the end of a test

Design and Innovation

Someday, you may use bitcoin without even knowing it (Quartz) Bitcoin backers have big dreams—dreams of reinventing the financial system based around a currency not issued by governments and not subject to the whims of central banks. But the cryptocurrency's volatility over the last few months has raised questions about whether most people would want to depend upon it to pay for goods and services

Free information, as great as it sounds, will enslave us all (Quartz) Imagine our world later in this century, when machines have gotten better. Cars and trucks drive themselves, and there's hardly ever an accident. Robots root through the earth for raw materials, and miners are never trapped. Robotic surgeons rarely make errors. Clothes are always brand new designs that day, and always fit perfectly, because your home fabricator makes them out of recycled clothes from the previous day. There is no laundry. I can't tell you which of these technologies will start to work in this century for sure, and which will be derailed by glitches, but at least some of these things will come about

Research and Development

CESG And Cellcrypt To Develop MIKEY-SAKKE Technology (Dark Reading) MIKEY-SAKKE is a method of key exchange that provides a full set of standards in the public domain

The solace of quantum (The Economist) Cryptograaphy is an arms race between Alice and Bob, and Eve. These are the names cryptographers give to two people who are trying to communicate privily, and to a third who is trying to intercept and decrypt their conversation. Currently, Alice and Bob

Academia

Why Young IT Pros Should Consider Higher Ed (InformationWeek) While high unemployment continues nationwide, small colleges and universities face a chronic shortage of tech professionals. As if that challenge weren't daunting enough for CIOs like myself, now I'm told we must understand how the different generations think in order to better attract and retain them. Let me explain

Legislation, Policy, and Regulation

US government has no idea how to wage cyberwar: Ranum (ZDNet) Military strategies and tactics that may work in the physical world do not have a place in guiding "cyberwarfare", and those that attempt to use them demonstrate a key lack of understanding, according to Tenable Security's chief of security Marcus Ranum.Ranum, who spoke at AusCERT 2013 at the Gold Coast, Queensland, on Friday, highlighted several methods that strategists and tacticians use that simply do not work in the online world.The concept of castle defence, for example, is commonly used as

Co-ordination and responsibility remain top government cyber needs (Janes) US cyber officials continue to call for more active defences, better collaboration, and more accountability in industry as offensive threats maintain a significant advantage over defence

Helping China end its cybercrime spree (CS Monitor) In their first official summit, President Obama and Chinese President Xi Jinping will meet next month in California and talk informally for two days, trying to hash out their differences. If the latest White House concern about China is on the table, the two men will spend a lot of time on intellectual property theft.Only in recent months has the United States officially singled out China as the origin for much of the cybertheft of American industrial secrets. The effects of this stealing have

Mandiant's APT1: Revisited (CSO) The Mandiant APT1 report made our industry stronger by encouraging -- if not forcing -- information sharing. In February, Mandiant released APT1: Exposing One of China's Cyber Espionage Units, a 74-page tome that told the story of a professional cyber-espionage group that, if it's not sponsored by the Chinese government, certainly operated with its knowledge. Mandiant also released more than 3,000 APT1 indicators, comprising domain names, IP addresses, X.509 encryption certificates and MD5 hashes of malware

How the U.S. Government Hacks the World (BusinessWeek) Obscured by trees and grassy berms, the campus of the National Security Agency sits 15 miles north of Washington's traffic-clogged Beltway, its 6 million square feet of blast-resistant buildings punctuated by clusters of satellite dishes. Created in 1952 to intercept radio and other electronic transmissions—known as signals intelligence—the NSA now focuses much of its espionage resources on stealing what spies euphemistically call "electronic data at rest." These are the secrets that lay inside the computer networks and hard drives of terrorists, rogue nations, and even nominally friendly governments. When President Obama receives his daily intelligence briefing, most of the information comes from government cyberspies, says Mike McConnell, director of national intelligence under President George W. Bush. "It's at least 75 percent, and going up," he says

A spotlight on grid insecurity (Help Net Security) Drawing from responses from more than 100 utilities across America, a new report shows that the nation's electric grid remains highly vulnerable to attacks from Iran and North Korea, or other threats

Attacks on Utilities Highlight Need for Strong Rules: Lawmakers (eWeek) The survey, sent to electric companies and cooperatives by the congressional staffs of congressmen Edward J. Markey and Henry A. Waxman, found that most utilities complied with required cyber-security standards but only a minority had adopted voluntary

Cyber security in US power system suffering from reactive, self-policed rules (Naked Security) John Hawes argued that what's needed is carefully considered defensive strategies combined with fast responses to new, unforeseen vulnerabilities. Sadly when government and big business intersect, pragmatism and speedy reactions are rarely in evidence

Oil and Gas Lobby Resists Regulation Despite Cyber Risk (Wall Street Journal) The oil and gas sector faces many of the same cyber security challenges as the electric industry. Yet, there's one major difference between the industries, both of which need to secure software-based industrial control systems from intruders. There are no regulations governing cyber security among the oil and gas companies

The Morning Download: Gas Industry Lobbies Against Cyber Standards (Wall Street Journal) American Gas Association CEO Dave McCurdy said at a U.S. House of Representatives hearing on cyber security Tuesday that no regulations were needed and that the sector's voluntary approach is working just fine

Information Sharing Critical To Cyber Defense (Forbes) I kicked off a conversation with Dan Holden, Director ASERT, at Arbor Networks by asking him about the Mandiant APT1 Report that was generating a lot of buzz at this year's RSA Conference. Dan emphasized the benefit to the community of security

Cyber security task force launched in California (acumin) Government officials in California have come together with private sector leaders in an effort to develop a new cyber security task force.It is hoped the creation of a comprehensive strategy for the US state - the first of its kind in the country - will leave industry and local government better protected against the threat posed by hackers.Michele Robinson, acting director for the Office of Information Security, told Government Technology the move makes sense because of the various interconnect

Govt plans cyber security coordinator (Deccan Herald) Prime Minister Manmohan Singh on Thursday described outer space and cyber space as two emerging security challenges for India. To combat such threats, the government will soon create a national cyber security office for a coordinated response. The decision is aimed at implementing a national architecture on cyber security.We are implementing a national architecture for cyber security and have taken steps to create an office of a national cyber security coordinator, the prime minister said after

Joint action needed on cyber crime (TechCentral) If South Africa is to win the war on cyber crime, government and business need to collaborate, industry experts say. Defending against cybercrime requires constant vigilance and training and collaboration between financial institutions, government departments and anyone else who is vulnerable to attack

Litigation, Investigation, and Law Enforcement

French police end missing persons searches, suggest using Facebook instead (IT World) The latest victim of disruption by Internet technologies is a veteran of World War I: the missing persons search

Leonard Downie: Obama's war on leaks undermines investigative journalism (Washington Post) For the past five years, beginning with his first presidential campaign, Barack Obama has promised that his government would be the most open and transparent in American history. Recently, while stating that he makes "no apologies" for his Justice Department's investigations into suspected leaks of classified information, the president added that "a free press, free expression and the open flow of information helps hold me accountable, helps hold our government accountable and helps our democracy function." Then, in his National Defense University speech Thursday, Obama said he was "troubled by the possibility that leak investigations may chill the investigative journalism that holds government accountable"

What to Expect From DHS/FBI in a Cyber Investigation (Wall Street Journal) It's one thing to hear about the challenges companies face when dealing with a cyber incident in the abstract, it's another to see it play out in real-time. Before you even have your hands wrapped around what was taken and who took it, you have to confront you

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

International Workshop on Cyber Crime (IWCC) (San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field...

Web 2.0 Security and Privacy (San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations...

Maryland/DC Celebration of International Trade (Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council this event is a content rich celebration of international...

IEEE-Cyber 2013 (Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.

Cyber Security @ CeBIT (Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend...

Private Sector Crossovers: Protecting People, Property and Information (, January 1, 1970) With its annual cyber conference on May 29, the Howard County Chamber of Commerce and its GovConnects initiative will offer expert speakers on cyber security and efforts to protect government agencies...

Cyber Security for the Chemical Industry (Franfurt, Hessen, Germany, May 29 - 30, 2013) It is becoming increasingly more important than ever to be aware of the latest cyber threats, and equipped to protect your company from them. In addition to physical security, these industries are faced...

DGI Cyber Security Conference & Expo (Washington, DC, 2013, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will...

Diversity Careers in Cybersecurity Symposium (Baltimore, Maryland, USA, May 30 - June 2, 2013) The 2013 Diversity Careers in Cybersecurity Symposium creates opportunities for networking and learning. We invite top executives to give presentations on topics ranging from leadership best practices...

Recent Advances in Reverse Engineering (RARE) (San Francisco, California, USA, June 1 - 2, 2013) The goal of the rare conference is to provide a venue where people interested in the analysis of binary programs can speak to one another directly, and to form a common language outside of their respective...

2013 St. Louis CISO Summit (, January 1, 1970) Be on the forefront of a new global initiative where today's world-class leaders in information security will gather to navigate through international waters. Join these leaders as they follow the wind...

Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, June 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise.

Pen Test Berlin 2013 (Berlin, Germany, June 3 - 9, 2013) SANS Pen Test Berlin 2013 takes place from June 3rd to June 8th in the Radisson Blu Hotel on the bank of Berlin's River Spree. SANS will offer penetration testing courses as well as a series of presentations...

CyCon 2013: 5th International Conference on Cyber Conflict (Tallinn, Estonia, June 4 - 7, 2013) CyCon 2013 is an annual NATO Cooperative Cyber Defence Centre of Excellence conference that is conducted with the technical cooperation of the IEEE Estonia Section. CyCon 2013 will focus on the technical,...

NSA SIGINT Development Conference 2013 (Fort Meade, Maryland, USA, June 4 - 5, 2013) The National Security Agency is responsible for providing foreign Signals Intelligence (SIGINT) to our nation's policy-makers and military forces. SIGINT plays a vital role in our national security by...

U.S. Census IT Security Conference and Exposition (Suitland, Maryland, USA, June 5, 2013) The Census Bureau's Information Technology Security Office (ITSO) and the Census Bureau's Data Stewardship Office is putting together a series of workshops on 'Information Security' and 'protecting your...

Capital Connection 2013 (Washington, DC, USA, June 5 - 6, 2013) Capital Connection™, a MAVA premier event, is designed for seasoned executives, entrepreneurs, and investors at all stages to come together under one roof to expand their innovations, create industry connections,...

RSA Conference Asia Pacific 2013 (Singapore, June 5 - 6, 2013) Join your fellow information security professionals at the inaugural RSA Conference Asia Pacific, where we'll be discussing security issues from both a global and Asia Pacific perspective. Delegates will...

29th Annual INSA William Oliver Baker Award Dinner (Washington, DC, USA, June 7, 2013) his year's awardee is General Michael V. Hayden, former Director of the Central Intelligence Agency and the National Security Agency. Registration is now open and tables are available for purchase.

2013 Cybersecurity Innovation Expo (Baltimore, Maryland, USA, June 10 - 13, 2013) Do not miss the opportunity to participate in the 2013 Cyber Innovation Forum with active participation from National Institute of Standards and Technology (NIST), the National Security Agency (NSA), and...

CISSE 17th Annual Colloquium (Mobile, Alabama, USA, June 10 - 13, 2013) The Colloquium for Information Systems Security Education will meed in Mobile to discuss topics of great interest to our community, including cyber security education, certification, and accreditation.

3rd annual Cyber Security Summit (, January 1, 1970) Over the last 2 years, the summit has gathered 150+ senior Defence, National Security and Industry executives to address current and emerging cyber threats to Australia's security. Now in its 3rd year,...

NovaSec! (McLean, Virginia, USA, June 13, 2013) NovaSec! is Northern Virginia's largest Cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with...

Suits and Spooks La Jolla 2013 (LaJolla, California, USA, June 15 - 16, 2013) Exploring Cyber Warfighting and Threat Mitigation for Corporations and Governments. The original concept for this event was to look at what special operations forces and corporate CERTs or SOCs have in...

25th Annual FIRST Conference (Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.

Hack in Paris (Paris, France, June 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted...

2013 ICAM Information Day and Expo (Washington, DC, USA, June 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.

Buzzword Forensics: Mobile is the Future…and the Future is Now (Laurel, Maryland, Sioux Falls, June 18, 2013) Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium.

NASA National Capital Region Industry Days (Washington, DC, USA, June 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in...

AFCEA International Cyber Symposium 2013 (Baltimore, Maryland, USA, June 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government,...

ShakaCon (Honolulu, Hawaii, USA, June 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better...

American Technology Awards Technology and Government Dinner (Washington, DC, USA, June 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.