skip navigation

More signal. Less noise.

Daily briefing.

vBulletin's support forum has been breached, and the password compromise leads to fears of other exploits targeting Internet fora and message boards. vBulletin is resetting its users' passwords and urging them to change any they may have reused elsewhere.

CryptoLocker ransomware email vectors have reached millions of UK Internet users. Sophos offers suggestions for helping mitigate the crimewave.

Vulnerabilities have been found in another D-Link router. Symantec warns of Linux Backdoor Trojan Fokirtor, found on some corporate networks. Google Cloud Messaging is increasingly being used to handle botnet command-and-control traffic.

CME Group reports its ClearPort energy and metals futures trading platform has been attacked. The FBI is investigating; the financial industry continues to work toward attack information sharing.

Bitcoin, gaining legitimacy as a financial instrument, complains that a flaw in Android's secure random number generator enables Bitcoin theft. (Bitcoin also gains favor in the criminal underground's creepier precincts: a self-styled anarchist tries to crowdfund political assassinations using the virtual currency.)

Cyber rioting affects targets tangentially related to Israel. Motiveless Italian hackers hit NASA.

Allegations of Australian surveillance of Indonesia's president (allegedly by hacking his cellphone) induce Indonesia to recall its ambassador in protest. The German Bundestag opens a major debate over proper response to US surveillance today.

Director Alexander continues to defend NSA's surveillance operations as a divided Senate considers the agency's future.

China denies allegations of widespread PLA industrial espionage.

Stratfor hacker Hammond gets ten years; his supporters ask about Sabu, the Father Gapon of LulzSec. Lavabit litigation advances.

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, China, France, Germany, India, Indonesia, Israel, Morocco, Pakistan, South Africa, Spain, United Kingdom, United States..

Cyber Attacks, Threats, and Vulnerabilities

Password hack of vBulletin.com fuels fears of in–the–wild 0–day attacks (Ars Technica) Hacks on sites using the widely used forum software spread to its maker

Hackers use zero–day vulnerability to breach vBulletin support forum (ComputerWorld) The hackers say they hacked the forum of vBulletin user MacRumors.com using the same exploit, which is now up for sale

VBulletin hacked. DEF CON closes its forums after security scare (Graham Cluley) VBulletin, the software used to run many internet forums and message boards, has had its network attacked by hackers, who managed to steal the user IDs of customers and encrypted passwords

Ten–Thousand CryptoLocked–Out (PC Magazine) In a blog post, security company Bitdefender revealed that CryptoLocker claimed over 10,000…Bitdefender Labs researchers were able to reverse-engineer the

UK probes cyber attack on bank computers (Oman Tribune) Cybercrime investigators are looking into a barrage of spam sent to millions of British banking customers designed to freeze their computers and demand a ransom, Britain's National Crime Agency said on Friday

CryptoLocker urgent alert — here's how YOU can help! (Naked Security) The UK's National Crime Agency has put out a CryptoLocker ransomware alert - the malware is still a huge problem, even after weeks of high profile coverage. Here's what YOU can do to help prevent it

Multiple security holes found in yet another D–Link router (FierceCIOTechWatch) A new bunch of vulnerabilities have been discovered in a D-Link router, according to security researcher Liad Mizrachi. As reported on ThreatPost, Mizrachi says he contacted D-Link to disclose the cross-site scripting (XSS) bugs he found in the company's 2760N (DSL-2760U-BN) routers on multiple occasions--twice in August, twice in September and once in October. However, he says the vendor did not respond to any of his disclosures

Affiliate network for mobile malware impersonates Google Play, tricks users into installing premium-rate SMS sending rogue apps (Webroot Threat Blog) Affiliate networks are an inseparable part of the cybercrime ecosystem. Largely based on their win-win revenue sharing model, throughout the years, they've successfully established themselves as a crucial part of the cybercrime growth model, further ensuring that a cybercriminal will indeed receive a financial incentive for his fraudulent/malicious activities online

Malicious emails target multiple operating systems (Help Net Security) Over the past several years, we have seen the proliferation of malware targeting mobile devices such as Android and iOS. The vast majority of the malware has been designed to target the former

Linux backdoor planted on company network to monitor traffic, steal data (SC Magazine) The backdoor trojan, dubbed "Fokirtor," was discovered in June by Symantec researchers. While investigating the breach of a large internet hosting provider, researchers discovered a Linux backdoor capable of stealing login credentials from secure shell (SSH) connections

Rise seen in use of Google service for mobile botnets (CSO) Google Cloud Messaging serving as conduit for sending data from C&C servers

CME discloses FBI probing July hacking attack (Financial Times) CME Group disclosed on Friday that a system used to process big futures trades had been hacked in July, highlighting the vulnerability of the financial industry to cyber attacks

CME Hack Reawakens Electronic Threat to Financial Services Firms (Bloomberg) The cyberattack on CME Group Inc. (CME) last week, routed through Hong Kong, is reminding the financial services world of one of its most constant threats to business

Secure Crypto: Critical Crypto Flaw on Android (RSA) BitCoin recently announced that there is a critical weakness in Android's secure number generator that lead to the theft of over 55 coins worth more than $5500. Google investigated and determined that key generation, signing, and random number generation operations might not receive cryptographically strong values. Also, native code that directly invokes the built-in OpenSSL PRNG without explicit initialization is also affected

FBI warns of U.S. government breaches by Anonymous hackers (7 News) Activist hackers linked to the collective known as Anonymous have secretly accessed U.S. government computers in multiple agencies and stolen sensitive information in a campaign that began almost a year ago, the FBI warned this week

PlayStation 4 and Xbox One Survey Scams Spotted (TrenLabs Security Intelligence Blog) With the recent release of the PlayStation 4 in North America and the upcoming release of the Xbox One, November is fast becoming an exciting month for gamers. However, it appears that they aren't the only ones looking forward to these launches. We spotted several survey scams that took advantage of the buzz surrounding the two consoles

Modi's men ground UAVs fearing cyber attack! (Bangalore Mirror) It was a security plan that was worked out in minuscule detail. Even the sky was not spared as unmanned aerial vehicles (UAVs) were to be deployed for an hawk-eyed vigil on the nearly two lakh crowd that would gather at the Palace Grounds. Dry runs were conducted and the results were also positive. But when BJP's prime ministerial candidate Narendra Modi got into action-mode on Sunday, the UAVs remained grounded. Reason: The threat of a cyber attack

Anonymous Threatens to Hack Japanese Government Websites over Dolphin Hunting (International Business Times) Hacktivist group Anonymous has issued a threat against the Japanese government over its controversial dolphin and whale hunting programmes

Sun–Times website under siege (Robert Feder) As if the Sun-Times needed any more problems lately, the newspaper's website came under cyber attack Saturday

Pakistani Hacker Defaces Websites of Indian Television Network Sun TV (Softpedia) Yet another Indian mass media company has been targeted by a hacker of the Pakistan Haxors Crew. This time, the victim is Sun TV Network, a Chennai-based mass media organization

Birmingham City Council website buckles under 'Anonymous' cyber attack (Birmingham Mail) Council confirmed its web services has been 'subjected to multiple inappropriate hits'

8 NASA Domains Hacked and Defaced by Italian Hackers Team (HackRead) A newly emerging hacking group going with the handle of M4ST£R 1T4L!4N H@CK£RS T£4M (Master Italian Hackers Team) has hacked and defaced 8 official National Aeronautics and Space Administration (NASA) domains. Team left their deface page along with a message on all hacked domains. However, the reason for attacking NASA domains was not mentioned anywhere on the page

AnonGhost Hacks Hillside Illinois Police Department website against NATO Strikes (HackRead) The official website of State of Illinois' Hillside Police Department has been hacked and defaced by online hactivist group AnonGhost. Hillside Police Department website got hacked just few minutes ago on which the hackers have left a deface page along with a message against the governments of the world. The audio message on the site criticizes NATO's role in the Muslim countries

AnonGhost Hacks and Defaces 1282 Websites (HackRead) hacker from online hacktivist group AnonGhost has hacked and defaced a total number of 1282 random websites just few hours ago. Hacker has left a deface page along with a message on all hacked sites, displaying group's official logo and tribute to his group members. We are AnonGhost, Hacked by HusseiN98! We are watching you, don't close you eyes! Targeted websites belong to different countries

Moroccan Ghosts hacks Israel Taekwondo Federation website, leaves 'no Israel only Palestine' message (HackRead) The famous online hacktivist from Moroccan Ghosts have hacked and defaced the official website of Israel Taekwondo Federation (ITF) in support of Palestine. Hackers have left a deface page along with a text message and a Youtube footage of Palestinan leader Ahmed Yasin talking in support of Palestine and against the state of Israel

Meet The 'Assassination Market' Creator Who's Crowdfunding Murder With Bitcoins (Forbes) As Bitcoin becomes an increasingly popular form of digital cash, the cryptocurrency is being accepted in exchange for everything from socks to sushi to heroin. If one anarchist has his way, it'll soon be used to buy murder, too

4 Lessons From MongoHQ Data Breach (InformationWeek) Security experts urge companies to implement two-factor authentication, VPNs, and graduated permission levels to better protect customer data from hackers

Security Patches, Mitigations, and Software Updates

Apple's iOS 7.0.4 fixes a "too easy to buy stuff" security flaw (Naked Security) Apple pushed out iOS 7.0.4 last week, the fourth patch in two months. Is iOS getting buggier, or is Apple simply publishing security fixes more promptly

Firefox 25.0.1 — the security update that wasn't? (Naked Security) Firefox just pushed out a minor browser update, bumping its version number from 25.0 to 25.0.1. Paul Ducklin saw Mozilla's advice that this was "a security and stability update", and went looking for the security fixes

Microsoft: We erred in recent Patch Tuesday; Internet Explorer zero–day still unpatched (TechieNews) Microsoft has revealed that it messed up in its recent Patch Tuesday bulletin by including details about the Internet Explorer zero-day that shouldn't have been there in the first place as the security updates didn't have the fix for CVE-2013-3871

Google and Microsoft to block child porn searches on their search engines (Silicon Republic) Google and Microsoft are taking steps to make it harder and harder for child porn content, images and videos to be found on their respective search engines, it emerged today

Cyber Trends

Aviation industry vulnerable to cyber attacks: IATA (Times of India) The International Air Transport Association (IATA) has also called for a partnership between industry, governments and regulators to enhance aviation security by embracing a globally harmonised, risk-based system. Faced with cyber security threats, the aviation industry, which has spent over US$ 100 billion on security since 9/11, should share best practices and partner with governments to adapt to new challenges and tackle them, airlines' body IATA has said

Financial service industry takes the lead in curing the third party security headache (CSO) Aetna CISO Jim Routh discusses how the ever-expanding threat landscape has led the Financial Services Information Sharing and Analysis Center (FS-ISAC) to improve software security at financial organizations

Finance Industry Grapples With Cyber Threats (Forbes) Cyber attacks are increasingly thought of as a threat to modern society. Fears that attackers will use computers to disable critical infrastructure, like the power grid or transportation networks, crippling everyday functions, are touted as the next frontier in threats to security

NERC CIP compliance insufficient to ensure electric system security (Help Net Security) Tripwire announced the results of a survey on North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) compliance

Mobile security confidence will be key to m–commerce adoption (Mobile Commerce Press) According to the National Cyber Security Alliance executive director, Michael Kaiser, "Many people just start using a mobile device without always taking the

Mandiant CTO: Data breaches inevitable, but impact can be variable (Siliconrepublic.com) Mandiant CTO Dave Merkel told the IIEA Cyber Security Conference that while businesses may invest heavily in making themselves perfect 100pc of the time

Agencies Widen Open–Source Use (InformationWeek) Open-source software programs streamline efforts, improve security, and lower costs

Marketplace

Why Companies Are Thinking Twice About Buying American (TIME) Finally, a survey published this summer by the Cloud Security Alliance, which develops security standards for Internet companies, examined the number of

FireEye CEO DeWalt on Snowden, cyber security, his stock price — and the mobile phone threat (Silicon Valley Business Journal) FireEye Inc. CEO David DeWalt has been busy lately. Following one of the biggest IPOs of the year, the company has pushed an aggressive product development schedule that's seen it introduce a new product every 11 days, and it's more than doubled its revenue and increased its headcount at least 22 percent to well over 1,100 since its IPO

Engage Clients Skyfire, Devicescape and Procera Receive Industry Awards for Delivering Disruptive Solutions (Digital Journal) Engage, a communications agency specializing in the mobile, cloud and telecom markets, today announced clients Skyfire and Devicescape have both been awarded with Fierce Innovation awards and Procera Networks has been selected for a Broadband Traffic Management award

CACI expands its cyber, intelligence business through Six3 acquisition (UPI) CACI International Inc. has acquired Six3 Systems from private equity firm GTCR, expanding its cyber and intelligence

Products, Services, and Solutions

Zero–Day Attacks Among the Most Costly and Feared Hacker Tools for a Reason (Digitl Journal) …"We designed DBRT with this fundamental weakness in mind. DBRT doesn't rely on known signatures to fight malware, it recognizes suspicious program behavior to expose what is actually being done and to whom, allowing IT personnel to identify an attack, remediate it, and inoculate systems enterprise-wide against reinfection, all from a single command and control console"

Startup Firm Attacks Mobile Security Problem With Network–Based Offering (Dark Reading) A startup company today launched a range of new services that attack the enterprise mobile security problem where it lives: in the network

Technologies, Techniques, and Standards

PNNL practices defense drill against cyber attack on grid (News Tribune) Pacific Northwest National Laboratory scientists practiced for a potential disaster that few people likely worry about last week — a cyber attack on the nation's electric grid

Cybersecurity Experts Will Face Off in Mock Netwars (Nextgov) Cybersecurity competitions are no longer limited to just high school and college students

The advantages of digital watermarking in enterprise data protection (Search Security) How difficult is it to watermark data so it has little value to attackers if stolen, and can be tracked later by authorities

Data–classification levels for compliance: Why simple is best (Search Security) We're interested in implementing a data-classification program to lower our compliance costs. We'd like to establish different sets of controls for different data types. However, we're struggling to define our data-classification levels. How do you recommend structuring the data-classification scheme for a Fortune-500-type company

Data governance 2.0: Adapting to a new data governance framework (Search Security) Companies are collecting more data on the behavior and sentiment of customers than ever before. They use multiple partnerships into what Forrester Research Inc. calls a data economy ecosystem, which involves four distinct roles: data originators (fidelity and payment cards, sensors, social networks), data aggregators (Acxiom, Bluekai, Experian, Rapleaf), data analyzers (Adobe Marketing Cloud, Acxciom, Buxton, Rapp) and data clients (retailers)

New measures for security metrics: Ranum Q&A with Jay Jacobs (Search Security) Information security metrics abound, but few reports garner the attention awarded Verizon's Data Breach Investigations Report. The 2103 DBIR, which highlighted China's alleged cyberespionage among other significant breaches, was based on data pooled from 19 organizations worldwide

Break–even analysis: The highs and lows of risk and ROSI (Search Security) Pete LindstromIn my first column I issued a call to action to help technology risk management professionals make good decisions through the application of economic techniques. While that might seem like a tall order, you're already making those decisions. What you thought were random qualitative choices about running a security program actually reveal a lot about your risk expectations

Virtualization security dynamics get old (Search Security) In 2008 at the Black Hat security conference in Las Vegas, I presented the results of two years' worth of security research. "The Four Horsemen of the Virtualization [Security] Apocalypse" sought to educate the Black Hat audience about the past, present and future of the intersection of virtualization and security

Eliminating black hat bargains (Search Security) When it comes to information security defense, Mike Hamilton has a tough job. As the chief information security officer for the city of Seattle, Hamilton's responsibilities extend to the networks of a variety of other groups, such as the city's police and fire departments. The complexity of securing those networks requires that Hamilton focus not just on defense, but also on causing pain to any attacker

CSA Calls for Unified Cloud Security Standard — Can It Work? (Midsize Insider) The Cloud Security Alliance (CSA), a nonprofit cloud advocacy group, has just debuted its software-defined perimeter (SDP) initiative, which aims to provide

FDA Recommends IEEE 11073 Standards for Medical–Device Communication (Hispanic Business) IEEE announced that it received a key recommendation from the U.S. Food and Drug Administration (FDA)

Sagan as a Log Normalizer (Internet Storm Center) "Sagan is an open source (GNU/GPLv2) high performance, real-time log analysis & correlation engine that run under *nix operating systems (Linux/FreeBSD/ OpenBSD/etc)"

The Security Impact of HTTP Caching Headers (Internet Storm Center) Earlier this week, an update for Media-Wiki fixed a bug in how it used caching headers [2]. The headers allowed authenticated content to be cached, which may lead to sessions being shared between users using the same proxy server. I think this is a good reason to talk a bit about caching in web applications and why it is important for security

Modeling Users And Monitoring Credentials Prevents Breaches (Dark Reading) Attackers quickly grab usernames and passwords to leverage an initial compromise into full-blown network access, but companies that monitor user authentication can head off attacks

Design and Innovation

The grand vision for a homegrown Silicon Valley in one of Joburg's most notorious neighbourhoods (ZDNet) An ambitious new technology precinct for high-tech business incubation is planned for the heart of Africa's most prosperous city

Research and Development

Quantum memory breakthrough could lead to ultrafast computing (IT Pro Portal) A 'world record' in quantum memory has been broken by a team of scientists in Canada, potentially paving the way for ultrafast data transmission through quantum computing

Quantum Bit Stored for Record 39 Minutes at Room Temperature (IEEE Spectrum) A physical state crucial for quantum computing has managed to survive at room temperature for 39 minutes in a record-breaking experiment. The new study gives a huge boost to quantum computing's prospects of storing information under normal conditions for long periods

Tracking botnets using automatically generated domains (Help Net Security) Stefano Zanero is an Assistant Professor at Politechnico di Milano, where he focuses on systems security. Modern botnets rely on domain-generation algorithms (DGAs) to build resilient command-and-control

Academia

High schools team with Army for cyber studies (Army Times) High schoolers in Huntsville, Ala., may become the Army's next cyber warriors

Poly hacking competition comes to close, winners announced (Washington Square News) The Polytechnic Institute of NYU became a tech hub this weekend as it hosted the finals for five of its Cyber Security Awareness Week's competitions. Winners were decided for the final games including Capture-the-Flag, High School Forensics, Embedded Systems, Homeland Security Quiz and Awareness events. The competition extended from Nov. 14 to 16

Legislation, Policy, and Regulation

Indonesia recalls ambassador (9 News National) Indonesia has recalled its ambassador to Australia and will review all information exchanges and cooperation amid growing anger in Jakarta over fresh spying allegations

Australian Parliament House 'overlooked' US spy program (ZDNet) Despite considering that parliamentarians should assume they are being compromised by the US' spy program, parliamentary services stood by and said nothing because they hadn't yet seen an attack

US envoy: NSA spying causing distress in Germany (AP via the Appeal Democrat) The United States faces a difficult task in repairing its image among Germans after allegations of massive National Security Agency surveillance, including Chancellor Angela Merkel's personal cellphone, the U.S. ambassador to Germany acknowledged Friday

Give Snowden Asylum in Germany (New York Times) Almost every day, new information is released about how American and British intelligence agencies have monitored governments, embassies and the communications of whole societies. These revelations have provided us with a deep and terrifying insight into the uncontrolled power of intelligence agencies

Allemagne: grand débat au Bundestag sur l'espionnage américain (AFP via Le Point) Les députés allemands doivent débattre lundi après–midi de l'espionnage américain lors d'une séance extraordinaire au Bundestag réclamée par la gauche radicale et les Verts après des révélations en octobre sur une possible surveillance du portable d'Angela Merkel

ODNI General Counsel Robert Litt's as prepared statement for the record before the Joint Hearing of the Privacy, Technology and the Law Subcommittee of the Senate Judiciary Committee (IC on the Record) Thank you, Mr. Chairman, Ranking Member Flake, Senator Blumenthal. Thank you for the opportunity to appear before you today to discuss this very important issue of how best to inform the public about sensitive intelligence activities consistent with the need of national security

Mischaracterizing the NSA (Armed with Science) Media reports detailing secret National Security Agency collection of data from companies such as Google and Yahoo from overseas data centers mischaracterize what NSA does, the agency's director said in a speech to the Baltimore Council on Foreign Affairs

Senate intelligence panel sharply split on surveillance reforms (Politico) The Senate Intelligence Committee split sharply on proposals to rein in National Security Agency surveillance programs last month, rejecting several potentially significant reforms by a single vote, according to a formal committee report published this week

How an Unfalsifiable Counterterrorism Strategy Makes Us Less Safe (The Atlantic) The secrecy of the national security bureaucracy makes it impossible to hold them accountable when their policies aren't working

Schneier tells Washington NSA broke Internet's security for everyone (Ars Technica) And techies can only fix it if government stays out of way

Key moments in NSA spy saga (Christian Science Monitor) A timeline of important events as elements of a National Security Agency clandestine operation came to light this year

US spying agencies are out of control (China Daily) When Internet security firm Mandiant issued a report in February accusing a so-called Shanghai-based People's Liberation Army Unit 61398 of hacking into the computers of a wide range of American industries, Congressmen, government officials, intelligence officers and a largely unquestioned news media in the US immediately jumped on the bandwagon railing against China

New body to address external, internal threats to China: Xi Jinping (Economic Times) China will have a new national security agency to address both internal and external threats facing the country, President Xi Jinping announced today

A Russian GPS Using U.S. Soil Stirs Spy Fears (New York Times) In the view of America's spy services, the next potential threat from Russia may not come from a nefarious cyberweapon or secrets gleaned from the files of Edward J. Snowden, the former National Security Agency contractor now in Moscow

U.S. Agencies to Say Bitcoins Offer Legitimate Benefits (Bloomberg) The Department of Justice and Securities and Exchange Commission are telling a U.S. Senate committee that Bitcoins are legitimate financial instruments, boosting prospects for wider acceptance of the virtual currency

Litigation, Investigation, and Law Enforcement

Lavabit–DOJ dispute zeroes in on encryption key ownership (ComputerWorld) Enterprises should own and manage all keys, but that's easier said than done

Justice is reviewing criminal cases that used surveillance evidence gathered under FISA (Washington Post) The Justice Department is conducting a comprehensive review of all criminal cases in which the government has used evidence that it gathered through its warrantless surveillance program and will be notifying defendants in some of those cases, according to Attorney General Eric H. Holder Jr

Lulzsec member sentenced to 10 years for hacking intel firm Stratfor (Ars Technica) Judge cites "unrepentant recidivism" as the reason for a maximum sentence

Anonymous Hacktivist Jeremy Hammond Gets Maximum 10–Year Prison Sentence (TechCrunch) Anonymous hacktivist, Jeremy Hammond, who leaked millions of emails from security firm Stratfor, has been slapped with the maximum prison sentence of 10 years. Hammond claimed the harsh ruling was a "vengeful, spiteful act" designed to send a message

Jailed Anonymous hacker Jeremy Hammond: 'My days of hacking are done' (The Guardian) Hammond calls his 10-year sentence a 'vengeful, spiteful act' by US authorities eager to put a chill on political hacking

Supreme Court Rejects Case Challenging NSA Phone Spying (Wired) The Supreme Court today rejected a challenge to the National Security Agency's once-secret telephone metadata spying program

NSA surveillance programs face challenges in court (Greenville Online) The federal government's once-secret telephone and Internet surveillance programs face crucial court hearings in Washington and New York this coming week, and even the Supreme Court is getting in on the act

Judge Hearing Demand to Unplug NSA Spies (World News Daily) A federal judge in Washington on Monday will hear arguments that the spies at the National Security Agency should be unplugged so they cannot collect telephone and Internet information on Americans, and while attorneys often consider their own cases significant, in this situation it's the judge who has established a high priority

NSA reports put Western media in difficult situation (Arab News) The spying revelations by former National Security Agency contractor Edward Snowden have made it a high-pressure, high-stakes time to be a top media executive

NSA grapples with 988% increase in records requests (USAToday) The NSA will neither confirm nor deny that it has gathered information on anyone

Praag to lay criminal charge after cyber attack (ITWeb) The Pro-Afrikaanse Aksiegroep (Praag) will lay a charge with the South African Police Service (SAPS), after becoming the victim of a distributed denial of service (DDOS) attack that it says was launched by extremist anti-Afrikaans groups

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Oil and Gas Cyber Security 2013 (London, England, UK, November 25 - 26, 2013) It has been stated that by 2018 the oil and gas industry will be spending up to $1.87 billion on cyber security. The hugely increased demand to protect a multi-billion dollar global industry is being spurred...

DefCamp 2013 (Bucharest, Romania, November 29 - 30, 2013) DefCamp is one of the most important conferences on hacking & information security in South-East Europe, bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under...

Cyber Defense Initiative 2013 (Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...

Cyber Education Symposium (Arlington, Virginia, USA, November 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways...

APPSEC USA (New York, New York, USA, November 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security...

IT Forum Expo/Black Hat Regional Summit (, January 1, 1970) Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions...

2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, November 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber...

Operationalize Threat Intelligence (Webinar, December 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data...

Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, December 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering...

SINET Showcase: THE SINET 16 (Washington, DC, USA, December 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present...

The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, December 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation...

World Congress on Internet Security (London, England, UK, December 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the...

ACSAC 2013 (New Orleans, Louisiana, USA, December 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and...

2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.