Daily briefing.

#OpIsrael concludes with Israeli authorities dismissing the campaign as a nuisance, but warning that Israel and others cannot always assume such efforts will be so readily contained. Various Anonymous factions count coup against members of the Knesset and some ministerial offices.

Russian insiders, in what lawyers would hardly regard as an admission against interest, suggest to the Indian defense community that recent hacks of HAL and Sukhoi were mounted from (by?) the United States.

The Heartbleed vulnerability continues to roil enterprises worldwide. The Atlantic Wire and the Verge offer good rundowns of Heartbleed's significance. (Executive summary from the Wire: "You'll have to change all of your passwords, and temporarily avoid any site that is known to be vulnerable.") Many other experts offer detailed advice tailored to particular communities and their concerns.

FireEye draws attention to the ease with which state-of-the-art malware evades file-based sandboxing.

The New York Times describes the risks to which surprising and largely unexamined connections expose even well-defended enterprises.

Yesterday's obsequies for Windows XP include much rumination on why XP will continue to haunt us, and what can be done to lay its ghosts.

The energy sector continues to worry about its exposure to cyber attack: problems getting cyber insurance are particularly disturbing. So is closer regulatory scrutiny, and that's not confined to energy companies.

Financial markets scrutinize cyber companies: Symantec takes advice on fending off shareholder activism; investors try to decode FireEye's share price fluctuations.

Privacy advocates apparently gain ground in the US Congress and Administration.

Notes.

Today's issue includes events affecting Australia, Brazil, Colombia, India, Indonesia, Israel, New Zealand, Nigeria, Russia, United Kingdom, United States, and Yemen.

Dateline SINET ITSEF 2014

IT Security Entrepreneurs Forum (ITSEF) 2014: Forum (SINET) SINET ITSEF's Forum continues today, April 9, with keynote addresses by Alejandro Mayorkas, Deputy Secretary, US Department of Homeland Security, who will give us a perspective from DHS, and Kjetil Nilsen, Director General, Nasjonal Sikkerhetsmyndighet (NSM - Norway's National Security Authority) who will speak on the "Nordic Cybersecurity Model of Trust." Much interesting talk yesterday touched on challenges and opportunities facing cyber start-ups, and conference participants will be able to continue the discussion during focused table sessions

Cyber Attacks, Threats, and Vulnerabilities

#OpIsrael: Israeli Ministry of Agriculture Domain Hacked, 100+ other crushed down by Anonymous (HackRead) The year 2014 began with a warning from online hacktivists Anonymous, in which it warned Israel to get ready for a massive cyber attack on 7th April 2014 under the banner of #OpIsrael. The attack included distributed denial-of-service (DDoS) attacks on thousands of Israeli government and private domains, leaking personal details and defacing websites

'Cyber attack' hits Knesset — 18 MKs hacked (Jerusalem Post) Hacking perpetrated by 'Anonymous, not Silvanonymous,' presidential candidate's office says, ruling out political rivals as culprits

Did US Hackers Target and Leak Su-30 MKI Faulty Display problems on purpose? (INN via Indian Defense) Russian Cyber Command (RCC), which claimed to have hacked the Indian embassy in Moscow and leaked documents that HAL had faxed to a Russian company highlighting problems related to the faulty display of the Sukhoi 30 MKI, might actually have been the handiwork of US cyber warriors backed by the US government, Russian Defence officials hinted recently

What You Need to Know About Heartbleed, the New Security Bug Scaring the Internet (The Atlantic Wire) What should you know about Heartbleed, a recently uncovered security bug? The shortest version: You'll have to change all of your passwords, and temporarily avoid any site that is known to be vulnerable. That sounds a bit alarmist, we know, but now that internet and security experts know a little more about the security vulnerability, it's becoming more and more clear that Heartbleed is nothing to mess with

Why Heartbleed is the most dangerous security flaw on the web (The Verge) The 'catastrophically bad' bug has left Yahoo, Imgur, and countless other services vulnerable

Did the Heartbleed bug leak your Yahoo password? (Graham Cluley) The so-called Heartbleed security flaw, found in the OpenSSL cryptographic software library, has created shockwaves for internet companies and users worldwide, and saw some firms scrabbling to fix and update their servers and software

Vendors and administrators scramble to patch OpenSSL vulnerability (CSO) Since news of the OpenSSL bug started to spread on Monday, administrators and vendors have made a mad scramble to patch the Heartbleed bug

Dear readers, please change your Ars account passwords ASAP (Ars Technica) Recovery from the critical Heartbleed crypto bug enters the password reset phase

What Bitcoin Users Need To Know About Heartbleed (TechCrunch) If you're using a bitcoin wallet or an online wallet or exchange, heartbleed could be a very real problem for you and your BTC. Luckily, things have finally settled down after a few days of panic and there are few very easy ways to ensure you're protected

Heartbleed vendor notifications (Internet Storm Center) As people are running around having an entertaining day we thought it might be a good idea to keep track of the various vendor notifications. I'd like to start a list here and either via comments or sending it let us know of vendor notifications relating to this issue. Please provide comments to the original article relating to the vulnerability itself, and use this post to only provide links to vendor notifications rather than articles etc about the issue

Indonesia's Largest Telecom Provider Leaks Large Portions of the Global Routing Table (CircleID) Earl Zmijewski from Renesys reports: Yesterday, Indosat, one of Indonesia's largest telecommunications providers, leaked large portions of the global routing table multiple times over a two-hour period

Cybercriminals use sophisticated PowerShell-based malware (CSO) Two separate threats that use malicious Windows PowerShell scripts were identified in the past few weeks by malware researchers

Hot Knives Through Butter: Evading File-based Sandboxes (FireEye) With organizations facing a deluge of cyber attacks, virtual-machine sandboxing has become a popular tool for quickly examining legions of files for suspicious activity. These sandboxes provide isolated, virtual environments that monitor the actual behavior of files as they execute. In theory, this setup enables security professionals to spot malicious code that evades traditional signature-based defenses. But sandboxes are only as good as the analysis that surrounds them. By themselves, sandboxes can only monitor and report file activity, not analyze it. And unfortunately for organizations that rely on them, the file-based sandboxes used by many vendors are proving oblivious to the latest malware. Attackers are using a variety of techniques to slip under the radar of these sandboxes, leaving systems just as vulnerable as they were before

Hackers Lurking in Vents and Soda Machines (New York Times) They came in through the Chinese takeout menu. Unable to breach the computer network at a big oil company, hackers infected with malware the online menu of a Chinese restaurant that was popular with employees. When the workers browsed the menu, they inadvertently downloaded code that gave the attackers a foothold in the business's vast computer network. Security experts summoned to fix the problem were not allowed to disclose the details of the breach, but the lesson from the incident was clear: Companies scrambling to seal up their systems from hackers and government snoops are having to look in the unlikeliest of places for vulnerabilities

DARPA-Funded Researchers Help You Learn To Hack A Car For A Tenth The Price (Forbes) When Chris Valasek and Charlie Miller began their car hacking research nearly two years ago, they had to spend more than $50,000 on a used Ford Explorer and Toyota Prius. They shelled out thousands more on repairs and insurance. Then Miller spent an extra $1,000 or so to replace his lawn mower and repair his house after he digitally disabled the SUV's brakes, sending it crashing through his garage

KnowBe4 Issues CryptoDefense Warning — Ransomware is Worse than CryptoLocker (Dark Reading) KnowBe4 alerts computer users of new ransomware, how to avoid infection and how to avoid being caught up in a cyber-gang war

Calling all hackers: the end of Windows XP support could herald new security risks (Deutsche Welle) After almost 13 years, Microsoft has ended support for its popular Windows XP operating system. It could be a curse for developing countries where XP is still common — and a blessing for hackers

Windows XP Diehards Face The Music (InformationWeek) Some Windows XP holdouts make late-breaking pushes to upgrade — to Windows 7, not Windows 8.1

Windows XP: Why It Won't Die (InformationWeek) Arbitrary OS upgrade mandates don't make sense in the real world, some Windows XP organizations say

Windows XP Plug Pulled: 5 Questions (InformationWeek) After 12 years, Windows XP officially becomes an unsupported OS. Here's what you need to know, from old PCs to dicey ATMs

Few European ATMs upgraded to Windows 7 (ZDNet) A research report indicates that Europe is far behind the US in moving ATMs from Windows XP. Less than 1 percent of ATMs in Europe are running Windows 7

Windows XP is Dead: Not Every Company Got the Memo (NBC News) The popular operating system Windows XP is about to become a lot less secure, yet a surprisingly high number of enterprises still expect to run parts of their business on the software, analysts say

New Details Released in Cyber Attack that Defrauded Adventist Church of Half a Million US Dollars (Adventist News Network) New details have been released in the ongoing investigation of a sophisticated cyber theft that defrauded the Seventh-day Adventist Church of approximately US$500,000 during the span of a four-week period late last year

Pro-Life Group Hit by Cyber Attack (New Zealand Catholic) Family Life International New Zealand's Facebook pages have been attacked, forcing the organisation to pull them down to get rid of the filth.

BigMoneyJobs[dot]com Hacked (eSecurity Planet) Hacker ProbablyOnion leaked 36,802 names, addresses, phone numbers, e-mail addresses and plain text passwords

Florida School District Publishes Employees' Social Security Numbers Online (eSecurity Planet) The data was included in a document that was inadvertently made available online for two years

Kaiser Permanente Acknowledges Three-Year Data Breach (eSecurity Planet) A company server was infected with malware in the fall of 2011, but the infection wasn't detected until two months ago

Security Patches, Mitigations, and Software Updates

Don't delay. Get your Microsoft and Adobe security patches while they're hot (Graham Cluley) Another Patch Tuesday, means another round of security updates from Microsoft and Adobe, designed to fix critical vulnerabilities in their software

Microsoft Security Bulletin MS14-017 — Critical (Microsoft Security TechCenter) Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution

Microsoft releases final security updates for Windows XP (Help Net Security) So this is it, the last hurrah for the once beloved XP, the last kick at the can for patching up the old boat. Sure, by today's standards it's a leaky, indefensible, liability, but, do you even remember Windows 98? Or (*gasp*) ME? At least we can all finally put IE 6 to rest, once and for all, the final excuse for corporate life-support has been pulled, except for legacy apps built so poorly that they depend on IE 6 and are "too costly" to replace

Why ending user support for Microsoft XP is the right thing to do (Help Net Security) Today is the day that Microsoft's well-documented plans to end support for Windows XP come to fruition, and with roughly 30 per cent of all desktop computers worldwide still running the operating system, that could mean a lot of people are left with little to no security on their PCs or laptops

If you love someone, upgrade them from XP (We Live Security) Sting famously sang "If you love someone, set them free." Here's my suggested improvement: "If you love someone, upgrade them from XP." It's not actually such an odd connection to make. Way back in October 2001, Sting gave a free concert in New York's Bryant Park to "celebrate the launch of Microsoft Windows XP"

Security updates available for Adobe Flash Player (Adobe Security Bulletin) Adobe has released security updates for Adobe Flash Player 12.0.0.77 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.346 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions

Siemens Ruggedcom Addresses BEAST Flaw in WiMax Products (Threatpost) The BEAST attack on some TLS implementations made major news when it was disclosed, showing that attackers could intercept and decrypt SSL-protected sessions in real time, breaking a significant portion of the confidentiality model of the protocol. Vendors rushed to patch and implement mitigations. That was in 2011. Nearly three years later, Siemens is pushing

Cyber Trends

IDF 'cyber-chief' Moscovitch: Today's online attackers are gaining on the defenders (Jerusalem Post) At National Security Studies annual cyber confab, Maj.Gen. says trying to predict the expansion of cyber warfare is problematic

The Danger Signs Are Adding Up (Huffington Post) No one should be surprised that the world of cybersecurity and its associated blame game is continuing unabated. Several interesting incidents have happened in the past two weeks that bear highlighting

Energy companies need insurance cover for cyber attack 'time bomb' (Reuters) Energy companies have no insurance against major cyber attacks, reinsurance broker Willis said on Tuesday, likening the threat to a "time bomb" that could cost the industry billions of dollars

Why some insurers are dumping utilities. And how "the convergence of all things security" can help (Smart Grid News) Why the smart grid needs "security intelligence." BBC News recently posted a thought-provoking piece explaining why many energy companies (including power and utilities) are being turned down for insurance policies to cover cyber-attacks. The net: audits of existing defense and protection strategies "concluded that protections were inadequate"

Critical Infrastructure Cyber Security: An Interview with Mr. Vincent Beck (Journal of Energy Security) Question: The National Institute of Standards and Technology (NIST) recently released its 'Framework for Improving Critical Infrastructure Cyber Security'. For those who are not involved in cyber-security or cyber-defense on an active basis, could you elaborate on what this document aims to achieve and improve upon? Further are there gaps in protecting critical energy infrastructure that are not addressed in this document? If so, how would you propose that these gaps be bridged?

'Ransomware' cases to spike (The Australian) Consumers and businesses have been warned to brace themselves for a deluge of "ransomware" attacks, malicious software that encrypts files and demands payment of hundreds or thousands of dollars to decrypt them

Internet security: Cyber-criminals more cunning in attacks (New Zealand Herald) Cyber-criminals are planning their "hits" more carefully and the attacks are lasting longer than ever — and many New Zealanders are leaving themselves exposed to cyber threats on their computers, mobiles and social networks

Dark Market Zero-Days 'Selling Regularly For $50k-$100k' (TechWeek Europe) Symantec researchers tell TechWeek that dark market crooks are getting big bucks from selling zero-days, despite the rise of legitimate bug bounties

Businesses create IT security blind spots (Help Net Security) New research shows that 54 percent of companies in the UK are using incorrect metrics when trying to determine their IT security status, providing a false picture of the organization's vulnerabilities and risk, driving the wrong behavior

One third of phishing attacks aimed at stealing money (Help Net Security) According to data collected as part of Kaspersky Lab's 'Financial cyber threats in 2013' study, cybercriminals are trying harder than ever to acquire confidential user information and steal money from bank accounts by creating fake sites mimicking financial organizations

A security advisor's perspective on the threat landscape (Help Net Security) In this interview, Sean Sullivan, the Security Advisor at F-Secure Labs, talks about threats he's seen during his career, iOS vs. Android security, security awareness and threat evolution

What's Worse: Credit Card Or Identity Theft? (Dark Reading) When it comes to data loss, it's time for the conversation to shift from credit cards to personal information like Social Security numbers, home addresses, and your favorite flavor of ice cream

One Year Later: The APT1 Report (Dark Reading) One of the most positive impacts of APT1 is the undeniable rise in the stature of the threat intelligence industry. "Threat Intelligence" is the SIEM, the NAC of 2014

Marketplace

Exclusive: Symantec to hire banks for advice, activism defense — sources (Reuters) Anti-virus and security software maker Symantec Corp, which recently fired its chief executive amid declining sales and fierce competition, is in the process of hiring banks to help advise on strategy and defend against possible activist investors, according to several people familiar with the matter

FireEye Inc (FEYE) Bounces On Analyst Upgrade (ValueWalk) FireEye Inc (NASDAQ:FEYE) a cyber-threat management company, has received a key upgrade from analysts at Wedbush. In a report dated April 8, 2014, analyst Sanjit Singh has upgraded the stock from Neutral to Outperform but cut his price target from $72 to $62 a share

FireEye Shares Have Been Clobbered — Is It a Buy Yet? (Motley Fool) Shares of FireEye (NASDAQ: FEYE ) have dropped as much as 49% since reaching a peak of $97.35 on March 5. Despite the sell-off, industry fundamentals remain very good, and the integration with Mandiant appears to be progressing well as the company separates itself from competitors like Symantec (NASDAQ: SYMC ) and Intel (NASDAQ: INTC ). Is this a buying opportunity?

Richard Clarke: SRA to Help GSA Run Data Encryption, Sharing Setup (GovConWire) SRA International has won a potential five-year, $22 million contract to help the General Services Administration manage a web portal that government agencies use to secure online information

Twitter buys Android lock-screen app startup (FierceMobileIT) Twitter has acquired Cover, an Android lockscreen app startup, for an undisclosed consideration, the Wall Street Journal reports

Microsoft creates Brazil business unit to focus on cyber defense (BNAmericas) Microsoft has created a business unit in Brazil to serve the justice and public security segments which will target, among other subjects, cybersecurity and cyberdefense

DDos Security Providers Countering Cyber Attacks on Internet Startups (The VAR Guy) Security providers including Cloudflare, Akamai and Arbor Networks, specializing in blunting denial-of-service attacks, are helping new Internet-based businesses survive ransom threats by cybercriminals to crash their businesses

Why Network Security Vendors Should Stay Away From End Point Security, and Vice-Versa (Forbes) There would be many more successful security companies if their founders and leaders had a better understanding of the IT security space

Nigeria: CWG, Mag Tech Move to Curb Cyber Attacks in Financial Sector (All Africa) In an attempt to reduce the level of threat and cyber-attack in the financial sector, Computer Warehouse Group (CWG PLC) and MAG Tech, a specialized information security and intelligence company, recently organized an information security session in Lagos

Products, Services, and Solutions

Software helps police manage lawful access to forensics info (GCN) Forensic lab managers can now enforce policies for extracting data based on user profiles or department policies. Mobile forensic tech developer Cellebrite Inc. updated its Universal Forensic Extraction Device (UFED) Permission Management software to offer administrative support at logical, file system or physical levels of extraction

Cryptography Research and Fairchild Semiconductor Sign Patent License Agreement for DPA Countermeasures (Wall Street Journal) Cryptography Research, Inc. (CRI), a division of Rambus Inc. (NASDAQ:RMBS), and Fairchild Semiconductor Corporation (NASDAQ: FCS) today announced they have signed a patent license agreement allowing for the use of CRI's patented inventions in Fairchild's integrated circuits. With CRI's patented technology, Fairchild's tamper-resistant integrated circuits are more securely protected against differential power analysis (DPA) and related attacks. This license also covers software developed by Fairchild's customers when utilized on Fairchild's licensed integrated circuits

Yahoo email anti-spoofing policy breaks mailing lists (CSO) In an attempt to block email spoofing attacks on yahoo.com addresses, Yahoo began imposing a stricter email validation policy that unfortunately breaks the usual workflow on legitimate mailing lists. The problem is a new DMARC (Domain-based Message Authentication, Reporting and Conformance) "reject" policy advertised by Yahoo to third-party email servers

Technologies, Techniques, and Standards

Applying the scientific method to software testing (TechTarget) How does the scientific method apply to software testing? Christin Wiedemann: Software testing can always benefit from a more structured approach. The scientific method isn't really one set of methods, but a larger set of guiding principles

When does more data trump clean data? (TechTarget) The days of scrubbing data until it's squeaky clean are quickly becoming a luxury, especially as IT departments answer the business' call to arms for more speed and more agility. But providing real-time data use raises a fundamental question for CIOs: Just how clean is clean enough? Experts like Farzad Mostashari, former national coordinator of health information technology for the U.S. Department of Health and Human Services, have persuasively argued that the solution to dirty data is more dirty data. Adding data "provides you with context," he said at an information quality conference last summer. Others, like Michael Berry, analytics director for TripAdvisor's business operations, think otherwise. Those who believe they don't need to worry about clean data because they have so much data "are just wrong," he said at a predictive analytics event last fall

Incident response lessons from Facebook's red team exercises (TechTarget) I read about how Facebook's security staff was recently involved in "red team exercises," which seemed to be an in-depth attack simulation to test its incident response protocol. Could you give some advice on how other organizations could go about enacting similar tests? How far would you say is too far in such a simulation?

Does Your Organization Need a Chief Trust Officer? (eSecurity Planet) Many organizations today have a chief information security officer (CISO), and a growing number also have chief privacy officers. A few organizations are adding another C-level executive, one who is responsible

Ways to prevent or keep your child safe from cyber-bullying (CBS42) It's a problem that's harming more and more children every day. With the majority of kids online these days, cyberbullying is becoming a topic no parent should ignore. From receiving threatening texts and emails, harmful comments on social media, or even someone posing as your child to portray them in a bad light, cyber-bullying is destroying kids' lives, and even pushing some to take their own lives

How to raise children on the internet (Quartz) My wife and I have developed an open approach to raising children. As a result, the rise of the internet, Facebook, Twitter, etc. has been especially interesting. It has worked well for us. We have no restrictions on content built into any of the devices or websites. Instead, here are the rules that we have imposed

Research and Development

Cryptography Could Add Privacy Protections to NSA Phone Surveillance (MIT Technology Review) Cryptography could enforce limits on data collected for surveillance data while still permitting agencies to do their jobs, argues a Microsoft researcher

Kaspersky Lab Patents Method for Detecting Malware That Conceals its Presence in the System (Kaspersky Lab) Kaspersky Lab has obtained a patent for a method of detecting malware that has been masked by rootkits — special programs capable of altering the outcomes of system functions. Patent no. 8677492, issued by the US Patent and Trademark Office, describes the operation of a security solution with a special module that duplicates some functions of the operating system's (OS) kernel. This ensures that the security solution has reliable information even if the OS is infected with a rootkit

Academia

Online cryptography competition starts Thursday (Daily Record) The Kryptos Codebreaking Challenge, developed by Central Washington University mathematics professor Stuart Boersma and Western Oregon University mathematics professor Cheryl Beaver, is centered on the cryptanalysis, or breaking, of ciphers, or secret writing

Legislation, Policy, and Regulation

Colombia Prepares New Cyber Security Strategy (Nearshore Americas) The Colombian government is drawing up a new cyber defense strategy to deal with the growing rate of cyber attacks, as the Andean country continues to use information technology to overhaul its education and healthcare sectors

UK says investigating spy and police agencies' use of private data (Reuters via the Chicago Tribune) Britain's law enforcement and intelligence agencies may be overusing authorisations to access private communications data, the official who regulates the activity said on Tuesday, declaring he had begun an investigation into the matter

Lawmakers push US attorney general for NSA surveillance changes (PCWorld) Several U.S. lawmakers on Tuesday urged the nation's attorney general to curtail the National Security Agency's collection of overseas electronic communications, saying President Barack Obama's promise to revamp a surveillance program focused on U.S. telephone records didn't go far enough

Obama privacy chief wants NSA phone-snooping program to end now (Ars Technica) Watchdog expects "short transition" period from constitutionally suspect surveillance

At Naval Academy, Clinton calls on leaders to balance technology, privacy (Baltimore Sun) In Annapolis talk, former president says surveillance shouldn't trump liberty

Director of National Intelligence hopeful increased security, audits can stop leaks (WTOP) "Tag the data, tag the people." Director of National Intelligence James Clapper says that's the "bumper-sticker mantra" of a key part of the intelligence community's plan to prevent another catastrophic release of information like the one former NSA contractor Edward Snowden pulled off last year. The extent of the damage revealed in the numerous programs, sources and methods Snowden farmed out to journalists and activists may not be fully known for years, according to experts

FTC Privacy Enforcement Power Wins Court Blessing (InformationWeek) The agency's claim against Wyndham Hotels for poor data security practices has been allowed to proceed

Consumers fed up with data breaches, and the government is listening (FierceITSecurity) High-profile data breaches at Target, Neiman Marcus, and most recently Experian, have received the attention of federal agencies, Congress and state legislatures and state attorneys general. Consumers are fed up with the lax information security approaches of major companies and that unhappiness is being felt in government at all levels

Making Retailers Liable for Damages from Hacking (Top Tech News) More fallout from the Target data breach: Now California lawmakers say retailers should be held liable for such hacks. One bill would shift the responsibility for any data breach from the banks and credit card issuers to the retail businesses where the breach occurred. The measure may create the year's biggest business dispute

Utah law shields electronic device locations and communication content (SC Magazine) Utah enacted the first-ever legislation to regulate both government access to electronic devices' location information and electronic communications content last week

Litigation, Investigation, and Law Enforcement

Snowden's Lawyer, Whistleblowers Converge At USC (Neon Tommy) Three prominent whistleblowers spoke at noon Tuesday at the University of Southern California's Annenberg School of Communication and Journalism, kicking off a two-day American Whistleblower Tour Event

Fort Hood opens debate about secrecy of medical records (The Hill) Army officials say one thing that could have helped prevent last week's shooting at Fort Hood is better information sharing with commanders about the mental and behavioral health histories of incoming soldiers

Facebook data scraped, people profiled as "jerks" and scammed by Jerk.com, FTC says (Naked Security) Aww, a sweet photo, depicting the intimate family moment of a mother nursing her child, put up by a new website

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

InfoSec World Conference & Expo 2014: With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...

IT Security Entrepreneurs Forum (ITSEF) 2014: IT Security Entrepreneurs Forum (ITSEF) is SINET's flagship event, designed to bridge the gap between the Federal Government and private industry. ITSEF brings unique value to the Cybersecurity community...

Defensive Cyberspace Operations & Intelligence Conference: Two days of presentations, workshops, training, and networking on defensive operations and intelligence activities in cyberspace. Speakers from government, universities, and industry will share their insights...

SOURCE: The purpose of SOURCE Conference is to bridge the gap between technical excellence and business acumen within the security industry. SOURCE fosters a community of learning where business and security professionals...

2014 GovCon Cyber Summit (McLean, Virginia, USA, April 9, 2014) The U.S. Computer Emergency Readiness Team (US-CERT) noted that last year federal networks saw a substantial increase in hacking incidents, with 48,000 attacks reported by agencies. In recognition of this...

2014 Computer Security Day (Eugene, Oregon, USA, April 11, 2014) The Fourth Computer Security Day at the University of Oregon will feature a slate of distinguished speakers from academia, industry, and government, discussing current challenges and future opportunities...

Women in Cybersecurity Conference: WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.

NSA Procurement in today's business arena (Elkridge, Maryland, USA, April 16, 2014) An opportunity to gain inside perspective on market trends in NSA Procurement. The guest speaker will be William Reybold, National Security Agency's Deputy Senior Acquisition Executive (SAE), who manages...

Suits and Spooks San Francisco: S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss...

US News STEM Solutions: National Leadership Conference: The STEM crisis in the United States demands solutions, and nowhere is the search more concentrated than at U.S. News STEM Solutions. Now in its third year, this premier national leadership conference is...

East Africa Banking and ICT Summit (Kampala, Uganda, April 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations,...

National Collegiate Defense Cyber Competition: Registration for the 2014 CCDC season is underway! Visit your region's website or contact your regional for registration and competition information.

InfoSecIndy (Indianapolis, Indiana, USA, April 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.

United States Cyber Crime Conference 2014: This is the only event of its kind that provides both hands-on digital forensics training and an interactive forum for cyber professionals to network. The conference covers the full spectrum of topics...

Infosecurity Europe 2014: Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000...
