skip navigation

More signal. Less noise.

Daily briefing.

Heartbleed continues to make vendors, enterprises, and users scramble. There may be signs of the vulnerability's exploitation ("fragging" the Call of Duty MMOG), but the evidence remains ambiguous. CERTPolska publishes an interesting rundown of the bug and its implications for Tor. BlackBerry, Cisco, and Juniper Networks all warn that their products have been affected; Twitter seems to have escaped. Affected mobile apps include (the very popular) Yahoo, Flickr, OKCupid, Rolling Stone, and Ars Technica.

Much advice on how to protect yourself against Heartbleed is on offer, but changing all passwords immediately and indiscriminately isn't a particularly good idea: at least find out if a service is (1) affected, and (2) fixed. Various tools for checking and fixing Heartbleed have been released: evaluate and use them with prudent circumspection. One issue is legal: checking a third-party site's security without permission may run afoul of laws, including the US Computer Fraud and Abuse Act and the UK's Computer Misuse Act.

Heartbleed's malign effects are expected to linger indefinitely, as many affected applications—particularly home systems—will almost certainly never be patched.

Security experts consider how similar vulnerabilities might be prevented, and consider what Heartbleed means for the future of open source.

FireEye's Mandiant unit releases its annual threat report to considerable interest. Why have China's PLA cyber units become (apparently) quiescent? Will Iran and Syria become major offensive players?

SecurityWeek talks evasion and advanced sandboxing.

Threat information sharing gets a boost in the US: it (probably) won't expose companies to anti-trust litigation.

Notes.

Today's issue includes events affecting Canada, China, Dominican Republic, Estonia, European Union, India, Iran, Malaysia, Norway, Poland, Russia, Syria, Turkey, Mexico, Ukraine, United Kingdom, United States..

We direct your attention to a follow-up article related to SINET ITSEF 2013: in an exclusive interview, the Director General of Norway's National Security Authority talks with the CyberWire about how one sophisticated country sees security in an increasingly complex cyber environment.

Dateline SINET ITSEF 2014

Exclusive: Interview with Kjetil Nilsen Director General, Nasjonal Sikkerhetsmyndighet (NSM — Norway's National Security Authority) (The CyberWire) The CyberWire interviewed Mr. Kjetil Nilsen, Director General of Norway's National Security Authority (NSM), who delivered the final keynote at SINET ITSEF 2014. Mr. Nilsen's agency is responsible for information assurance, cyber security, cryptography and other national protective security services. NSM also leads NorCERT and a public-private partnership that includes Norway's national sensor network. Mr. Nilsen shared his perspective on the role of trust and cooperation in coping with an increasingly complex threat environment

Homeland Security Deputy Secretary Mayorkas' Trip to California and the IT Security Entrepreneurs' Forum (Imperial Valley News) Yesterday, Deputy Secretary of Homeland Security Alejandro Mayorkas traveled to California where he delivered remarks at the 8th annual IT Security Entrepreneurs' Forum hosted by the Security Innovation Network to discuss the cyber threat landscape and the importance of innovation in the field

Cyber Attacks, Threats, and Vulnerabilities

Call of Duty 'fragged using OpenSSL's Heartbleed exploit' (The Register) So it begins … or maybe not, says one analyst

Hackers prepping for OpenSSL Heartbleed attacks (CSO) Hackers suspected of listing 10,000 domains that the flaw has made vulnerable on Pastebin

Canada halts online tax returns in wake of Heartbleed (CSO) Canada Revenue Agency anticipates restoring services by weekend

Heartbleed in TOR (and in Poland) (CERTPolska) In the last few days most popular vulnerability seems to be CVE-2014-0160. This two years old vulnerability was in OpenSSL library and allows to read a part of the memory of the process. The use of this library is very prevalent not only in the server environments (e.g. WWW, or mail), but also on desktops in some client applications. However, the most popular browsers are not affected in any way. We publish our analysis of this CVE and its effect on TOR and Polish network. Information on the Electronic Frontier Foundation Deeplinks blog allows to speculate that the intelligence agencies knew about the bug a year ago and actually used it

Blackberry, Cisco Products Vulnerable to OpenSSL Bug (Threatpost) Vendors are continuing to check their products for potential effects from the OpenSSL heartbleed vulnerability, and both Cisco and BlackBerry have found that a variety of their products contain a vulnerable version of the software

Heartbleed Found in Cisco, Juniper Networking Products (Bloomberg) The Heartbleed Web-security flaw has been found in the hardware connecting homes and businesses to the Internet, underscoring the amount of time and effort that will be needed to defuse the threat

Twitter, at least, dodged the horrors of Heartbleed (CSO) Users have to be careful protecting their data because the vulnerability existed for years on many sites

The Other Side of Heartbleed — Client Vulnerabilities (Internet Storm Center) We're getting reports of client applications that are vulnerable to the heartbleed issue. Just as with server applications, these client applications are dependant on vulnerable versions of OpenSSL

Heartbleed Bug—Mobile Apps are Affected Too (TrendLabs Security Intelligence Blog) The severity of the Heartbleed bug has led countless websites and servers scrambling to address the issue. And with good reason—a test conducted on Github showed that more than 600 of the top 10,000 sites (based on Alexa rankings) were vulnerable. At the time of the scanning, some of the affected sites included Yahoo, Flickr, OKCupid, Rolling Stone, and Ars Technica

Heartbleed Explained (Critical Watch) Vulnerability in OpenSSL handling of the SLL heartbeat request that triggers a buffer over-read, resulting in confidential Information being disclosed

The Heartbleed Bug: Cutting Through the Noise (Cyveillance) As a trusted security partner, our phones have been blowing up the past 24 hours with clients calling to ask us about the Heartbleed bug found in the OpenSSL library. It's been all over the news, and some of the brightest security minds out there are throwing around really scary words like "catastrophic" and "doomsday". We've been delving into the details the last few days, and working in cooperation with our friends at Codenomicon, the security vendor that discovered the bug

Heartbleed Bug: What Can You Do? (Krebs on Security) In the wake of widespread media coverage of the Internet security debacle known as the Heartbleed bug, many readers are understandably anxious to know what they can do to protect themselves. Here's a short primer

Here's some really bad Heartbleed bug advice about changing your passwords (Graham Cluley) A lot of folks are going around at the moment telling the public to change all of their passwords in response to the serious Heartbleed internet security bug. For instance, here's what the Tumblr website (owned by Yahoo) has told its users

The Heartbleed genie is out of the bottle — now what? (ComputerWeekly) The Heartbleed vulnerability in OpenSSL has been recognised as a major blow for internet security and open source development. But the first thing businesses need to do is verify whether their version of OpenSSL is affected

How Heartbleed Broke the Internet — And Why It Can Happen Again (Wired) Stephen Henson is responsible for the tiny piece of software code that rocked the internet earlier this week. The key moment arrived at about 11 o'clock on New Year's Eve, 2011. With 2012 just minutes away, Henson received the code from Robin Seggelmann, a respected academic who's an expert in internet protocols. Henson reviewed the code — an update for a critical internet security protocol called OpenSSL — and by the time his fellow Britons were ringing in the New Year, he had added it to a software repository used by sites across the web

Heartbleed: Examining The Impact (Dark Reading) With Heartbleed, there's little hope of knowing if an asset was breached, if a breach can be identified, or what, if any, data was leaked. Here's how to defend against future attacks

Heartbleed Will Go On Even After The Updates (Dark Reading) What's next now that the mindset is 'assume the worst has already occurred?'

Many Devices Will Never Be Patched to Fix Heartbleed Bug (MIT Technology Review) Home automation systems and networking equipment vulnerable to a major encryption flaw are unlikely to be fixed

Mexico Cyber Criminals 'Kidnapping' Business Computer Systems (InSightCrime) Hackers in Mexico have found a profitable illicit enterprise in extorting businesses by hijacking computer systems, another dimension in the country's large and growing cyber crime industry

Advantech WebAccess webvact.ocx NodeName Stack Buffer Overflow Remote Code Execution Vulnerability (Zero-Day Initiative) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file

High-earners are three times more likely to be victims of identity fraud (Quartz) If you live in North America or Europe and are paid over $85,000 a year, you are three times more likely to be defrauded than those who earn less, according to Trustev, an online anti-fraud company. A salary of $85,000 is hardly enough to qualify someone as rich in those countries, but in the United States it would put you in the top quartile of earners (top 6% if you're single) and far above the national average or median wage

ATMs on Windows XP: How Risky Is It? (eSecurity Planet) Microsoft has ended official support for Windows XP. What does that mean for the security of the world's ATMs, most of which run XP?

Windows XP Alive & Well in ICS/SCADA Networks (Dark Reading) End-of-life for XP support not raising many red flags in critical infrastructure environments, where patching is the exception

Security Patches, Mitigations, and Software Updates

Cisco finds 13 products (so far) vulnerable to Heartbleed—including phones (Ars Technica) Cisco has issued a security bulletin for customers about the Heartbleed bug in the OpenSSL cryptography code, and it's not about Web servers. So far, the company has unearthed 11 products and 2 services susceptible to attack through the vulnerability, which can be used to retrieve random bits of content from an attacked device's memory. Cisco's IOS XE operating system for network hardware is one of the higher-profile products on the company's list

Google Bulks Up Security for Android Phones (Recode) At a time when security vulnerabilities are disturbingly prominent, Google said it is bulking up security for Android phones to provide users more protection

Cyber Trends

Iran to rival China in cyber war on west (The Australian) Iran and Syria are emerging as powers to be reckoned with in global cyber warfare, with hackers in Tehran especially posing an ever-increasing threat, experts have warned

The mysterious disappearance of China's elite hacking unit (Washington Post) The company that helped uncover major online security breaches from China last year says exposing the hackers had the effect of shutting them down — at least temporarily

Just One-Third of Organizations Discover Breaches on Their Own: Mandiant (SecurityWeek) FireEye-owned Mandiant has published the latest release of its Mandiant M-Trends report, which provides analysis on the threats of 2013 and highlights emerging global threat actors and the types of targets and information they have in their sights

M-Trends® 2014: Beyond the Breach (Mandiant: A FireEye Company) Mandiant's annual threat report, reveals key insights, statistics and case studies illustrating how the tools and tactics of advanced persistent threat (APT) actors have evolved over the last year. The report, compiled from hundreds of Mandiant incident response investigations in more than 30 industry sectors, also includes approaches that organizations can take to improve the way they detect, respond to, and contain advanced attacks

Security Threats: Risk's Often Neglected Step Child (SecurityWeek) According to Gartner ("Security and Risk Management Scenario Planning, 2020"), by 2020, 30% of global 2000 companies will have been directly compromised by an independent group of cyber activists or cyber criminals. This prediction is not surprising, considering the fact that leading risk indicators are difficult to identify when the organization's cyber foes, including their strategy, competences, and actions, are unknown. In turn, many organizations still focus on control gaps and vulnerabilities when performing risk assessments and neglect taking threats into account. This can lead to inaccurate prioritization of remediation actions and inefficient allocation of resources

Why CFOs Must Lead the Discussion on Cyber Security (CFO Global) Early this year, Target was in the midst of controversy as a cyber security breach leaked the private information of its online consumers. Now, Target CFO John Mulligan must testify before Congress and discuss the details of online customer information theft. An estimated 40 million credit card numbers were stolen alongside the contact information for over 70 million people. When the breach went public, Target spent an estimated $61 million on damage control, fixing the breach, and securing the website from future attacks

LTE: The need for speed opens up security potholes (FierceITSecurity) Mobile operators' deployment of high-speed 4G LTE networks has opened the door to security threats because of vulnerabilities inherent in the all IP architecture, warns Stephane Teral, principal analyst for mobile infrastructure and carrier economics at Infonetics Research

Cyber Crime Explosion Leads To Security Update Releases Every 40-50 Minutes (Misco) The level of cyber criminal activity has reached such proportions that security solution providers are being forced to roll out updates every 40 to 50 minutes, according to Symantec, the US company behind the Norton Internet Security package

Marketplace

An introduction to cyber liability insurance cover (ComputerWeekly) For years, security professionals have been saying "either you have been data breached or you just do not know that you have been data breached." Data breaches are now a fact of life together with taxes and death, but how can businesses better manage the risks related to a data breach and reduce the significant cost that can result from them? One of the options is to buy an insurance

AEGIS London launches Next generation of cyber insurance product (Insurance Business Review) Lloyd's of London insurer AEGIS London has rolled out a new breed of cyber insurance product following a major study of the evolution of cyber risk in the energy sector and its impact on so-called critical infrastructure businesses

ESET Focused on Growing Presence in Indian Market (Parda Phash) ESET, global provider of security solutions for businesses and consumers, focusing on growing presence in Indian market. The Federation of Indian Chambers of Commerce and Industry (FICCI) have recently conducted the India-Central Europe Business Forum on 27-28 March in New Delhi, the first in the series. This business forum was focused on promoting multifaceted industry engagement with highly promising Central European economies including Slovakia

Palo Alto Networks® Completes Acquisition of Cyvera (MarketWatch) Palo Alto Networks® PANW +1.83%, today announced it has completed its acquisition of Cyvera Ltd., a privately held cybersecurity company located in Tel-Aviv, Israel. Originally announced on March 24, 2014, Palo Alto Networks acquired Cyvera for an aggregate purchase price of approximately $200 million

CACI's Six3 Systems deal named best of the year (Washington Technology) From the moment CACI International's acquisition of Six3 Systems was announced last year, it had all the markings of a top deal of the year

Parsons Expands Md. Cyber Center with New Training, Conference Facility (ExecutiveBiz) Parsons Corp. has launched a training and conference center in Columbia, Md. The 4,000-square-foot facility located in Parsons' Columbia cybercenter houses operations areas, labs and innovation centers, the company said Tuesday

Lunarline Narrows Search for New Facility to Support its Rapid Growth (Broadway World) Lunarline Inc, a Service Disabled Veteran Owned Small Business and one of the country's leading cyber security companies, announced today that it has narrowed its search for a new security operations facility to Kettering, Ohio though the company is still considering other locations

How to stop the next Heartbleed bug: pay open-source coders to protect us (The Guardian) Don't wait for the next Snowden to tell us if the NSA's been using this privacy hole, too. Help support more heroes of the free and secure web to spot the next one

Symantec simulation could be a recruiting tool (FCW) Symantec has been hosting cyber-readiness simulations for a couple of years, but this week's event in Washington, D.C., was the first the firm has held for federal executives with a workforce shortage in mind

Products, Services, and Solutions

Your phone has Heartbleed? Lookout's Detector app can tell (Android Authority) Following this week's discovery of the serious Heartbleed bug in OpenSSL, mobile security company Lookout released an Android tool that will help users detect the presence of the security vulnerability on their Android devices

Free Heartbleed-Checker Released for Firefox Browser (Dark Reading) Browser plug-ins arrive for Firefox and Chrome that scan websites for Heartbleed risk

At Feds' request, GoGo in-flight Wi-Fi service added more spying capabilities (Ars Technica) GoGo hands over user data "if we believe… that such disclosure is necessary"

Leading schools use WatchGuard Technologies to secure student Web access, critical network data (ITWeb) WatchGuard Technologies, a leader in integrated security platforms, announced that the Carol Morgan School, one of the Dominican Republic's leading non-profit, private K-12 grade schools, is using WatchGuard's Unified Threat Management (UTM) platforms with WatchGuard Dimension to secure its network and manage student access to online resources and applications

What is a Threat Intelligence Platform (ThreatConnect News) Last week, Anton Chuvakin from Gartner wrote a blog about what he is calling an Intelligence Management Platform. He includes some thoughts by Facebook on how they are building their own platform. He alludes to non-public sources and I'm sure ThreatConnect™ is one, so rather than keep you all in suspense, I thought this would be an opportune time for ThreatConnect to say what we think a Threat Intelligence Platform is

Protect your device from malicious ads (CNET) The chances of encountering a malware-bearing ad on your phone or tablet are increasing. But blocking ads on mobile is neither easy nor very effective. Here's a better approach to ad-blocking on your device

Technologies, Techniques, and Standards

The effect of the Heartbleed bug on open source projects (Help Net Security) The Heartbleed bug in OpenSSL is all the information security world is talking about these days. Many are beginning to realize, its existence has opened multiple cans of worms

Heartbleed: Making The Case For SDN (InformationWeek) Software-defined networking technology could help protect against vulnerabilities like Heartbleed. It's time to develop a more mature SDN option

Turning the Tables: Using Evasion Tactics to Help Prevent Malware Infection (SecurityWeek) Sandboxing is a relatively new trend in malware analysis. It allows companies, such as antivirus vendors, to execute malicious malware in an environment where it can't do any real damage. By watching what the executable does, security researchers can identify whether the software is malicious or if it's a legitimate application users genuinely want to install. For example, if an unknown application is executed in the sandbox and is observed sending passwords to a random website in a foreign country, the executable is likely malware. If no such observations are made, then it's "probably" goodware

Securing Passwords with Bcrypt Hashing Function (Hacker News) Passwords are the first line of defense against cyber criminals. It is the most vital secret of every activity we do over the internet and also a final check to get into any of your user account, whether it is your bank account, email account, shopping cart account or any other account you have

Hackathons Should Be More Than A Circus (InformationWeek) Tapping into developer talent at a hackathon should be fun, but don't lose sight of the potential business benefits

Beat it, bloatware: How to clean the crap off your PC (PCWorld) Boot up a new PC for the first time, and you should be able to watch it fly. Instead, it may sputter and struggle to get off the ground, thanks all the preinstalled junk that vendors habitually dump onto new PCs

Design and Innovation

Government-Run Competitions Should Be About Markets, Not Prizes (Nextgov) Running a prize competition in government or industry is about "understanding where the market's going in 10 years and trying to make it go there in three years," Christopher Frangione, vice president for prize development at the X Prize Foundation, told members of Congress on Wednesday

Academia

CDX pits NSA hackers against service academies (FCW) A low-slung building in a suburban office park might seem an unlikely setting for military war games, but that's exactly what's taking place at the Columbia, Md., outpost of the Parsons Corporation

Tripwire Donates $11.75M Cybersecurity Service to Penn State (Dark Reading) Gift is a cloud-based risk and analytics cybersecurity service to the Center for Cyber Security, Information Privacy and Trust

Legislation, Policy, and Regulation

2 Regulators Issue Guidelines on Sharing Cyber Security Information (New York Times) Sharing information between companies about threats to cybersecurity is not likely to raise antitrust concerns, the Justice Department and the Federal Trade Commission said Thursday

Blowing the Whistle at Your Agency May Have Just Gotten Easier (Government Executive) Federal whistleblowers will soon have new allies on Capitol Hill. Sen. Chuck Grassley, R-Iowa, announced Thursday he will create the Senate Whistleblower Caucus to ensure protections for federal employees exposing wrongdoing at their agencies are being enforced

Goodlatte: NSA reform can't dodge Judiciary Committee (Politico) House Judiciary Committee Chairman Bob Goodlatte (R-Va.) declared Thursday that he'll fight any effort to move National Security Agency surveillance reform legislation to the House floor without going through his panel

Top U.S. lawmaker: intelligence top priority in defense bill (Reuters via the Chicago Tribune) The chairman of the U.S. House Armed Services Committee said on Thursday that intelligence, surveillance and reconnaissance capabilities would be top priorities as the panel puts together this year's massive defense policy bill

HHS pushes state agencies to share data (FierceGovernmentIT ) Information sharing since 9/11 has been associated mostly with intelligence and counterterrorism. But the Health and Human Services Department is also trying to bring together information dispersed across the numerous state systems used for HHS-funded programs

Menendez Slams 'Dumb' Criticisms of Obama's Secret Social Media Program in Cuba (Foreign Policy) The chairman of the Senate Foreign Relations Committee on Thursday tore into critics of a controversial U.S.-backed social media program in Cuba. The program, created by the U.S. Agency for International Development and run with the help of American contractors, established a Twitter-like social media site on the Communist island called ZunZuneo but was shuttered after two years with little to show for it

Super-cyber Turkey in Syberia (Hurriyet Daily News) Jamie Shia, NATO's deputy assistant secretary general for emerging security challenges, once said: "One hundred twenty countries currently have or are developing offensive cyber-attack capabilities which are now viewed as the fifth dimension of warfare after space, sea, land and space." The Turks took that very seriously — well, at least the idea. Last June, the Turkish government launched the Center for Response to National Cyber Threats. Earlier, the Turkish military headquarters had formed a Cyber Warfare Command

Can Malaysia handle cyber attacks? (Free Malaysia Today) Cyber security is a growing concern worldwide. Hacking is rampant and the threat is real to any nation, for its implications can be far-reaching

Litigation, Investigation, and Law Enforcement

It may be ILLEGAL to run Heartbleed health checks — IT lawyer (The Register) Do the right thing, earn up to 10 years in clink

Whitehat hacker breaches UMD servers to jump-start security remediation (Help Net Security) Daving Helkowski, a software architect/engineer working for software consultancy Canton Group, has made a serious mistake that has already cost him his job and might end up costing him even more

NSA subverted EU privacy laws, spied on human rights orgs (Help Net Security) In a testimony delivered by video-link from Moscow, NSA whistleblower Edward Snowden has revealed to EU parliamentarians that the US NSA is actively spying on human rights organizations such as UNICEF and Amnesty International

The Snowden Saga: 10 Key Questions Regarding His National-Security Disclosures (Vanity Fair) In the 10 months since The Guardian and The Washington Post published the first disclosures based on documents leaked by Edward Snowden, a vigorous debate about the National Security Agency's aggressive intelligence-gathering activities has erupted. An in-depth account of Snowden's journey from N.S.A. contractor to world-famous whistle-blower, published in the May issue of Vanity Fair, injects a much-needed dose of humanity into the conversation, showing how Snowden's experiences shaped his decisions. But it's also worth examining the key questions that concerned citizens in America and around the world have been asking ever since the sheer scope of the N.S.A.'s efforts became clear. Ahead, VF Daily addresses 10 such questions, with input from Snowden's legal representative, Ben Wizner, the director of the American Civil Liberties Union's Speech, Privacy & Technology Project

Ukraine Boasts of Rounding Up Russian Spies. Will Washington Notice? (Foreign Policy) To hear Ukraine tell it, you'd think their fledgling new government is full of crack spy hunters rooting out every Russian mole and agitator from Kiev to Kharkiv. Ukraine's main security agency, the SBU, has been keeping a running tally of all the Russian provocateurs who've been discovered or captured in the past month. The list includes an alleged "espionage ring of the military intelligence of the Russian Federation," a Russian and three Ukrainians who were preparing to hand over computer hard drives to Russia's security service, and a Russian woman attempting to "destabilize the situation in the southern regions of Ukraine." An SBU Web site shows what appears to be the woman's social media page, where she poses in combat fatigues while sporting an assault rifle

70 People Arrested for Airline Ticket Fraud (eSecurity Planet) According to Europol, the arrests took place in 23 countries, in connection with 265 fraudulent ticket purchases

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

2014 Computer Security Day (Eugene, Oregon, USA, April 11, 2014) The Fourth Computer Security Day at the University of Oregon will feature a slate of distinguished speakers from academia, industry, and government, discussing current challenges and future opportunities...

Women in Cyber­security Conference (Nashville, Tennessee, USA, April 11 - 12, 2014) WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.

NSA Procurement in today's business arena (Elkridge, Maryland, USA, April 16, 2014) An opportunity to gain inside perspective on market trends in NSA Procurement. The guest speaker will be William Reybold, National Security Agency's Deputy Senior Acquisition Executive (SAE), who manages...

East Africa Banking and ICT Summit (Kampala, Uganda, April 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations,...

InfoSecIndy (Indianapolis, Indiana, USA, April 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.

cybergamut Technical Tuesday: Malware Reverse Engineering (Columbia, Maryland, USA, May 6, 2014) An introduction to the tools, workflows, and tricks of the trade to attack sophisticated malware by Dale Robson of CyberPoint. Industry standard cyber security products do a good job in blocking and defending...

STEM Café (Geneva, Illinois, USA, May 6, 2014) At the next STEM Café, Raimund Ege, associate professor in NIU's Department of Computer Science, will lead a lively discussion on how computer crime affects our everyday lives and what we can do to protect...

Kirtland AFB - Cyber Security Seminar & Information Technology Expo (Albuquerque, New Mexico, USA, May 7, 2014) Join FBC and the Armed Forces Communications & Electronics Association (AFCEA) - Albuquerque Chapter for the Cyber Security Seminar & Information Technology Expo set to take place at Kirtland Air Force...

Kirtland AFB — Cyber Security Seminar & Information Technology Expo (Albuquerque, New Mexico, USA, May 7, 2014) Join FBC and the Armed Forces Communications & Electronics Association (AFCEA)-Albuquerque Chapter for the Cyber Security Seminar & Information Technology Expo set to take place at Kirtland Air Force Base.

US Secret Service Cybersecurity Awareness Day (Washington, DC, May 8, 2014) This Cybersecurity event will be the first of its kind at the USSS. There will be 2-3 opportunities for participating companies to present a 1/2 hour presentation on a Cybersecurity topic of concern to...

HackMiami 2014 (Miami Beach, Florida, USA, May 9 - 11, 2014) The HackMiami 2014 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools,...

ISPEC 2014 (Fujian, China, May 12 - 14, 2014) The ISPEC conference series is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and...

GovSec 2014 (Washington, DC, USA, May 13 - 14, 2014) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of...

CyberWest (Phoenix, Arizona, USA, May 13 - 14, 2014) Cyber threats affect all industry sectors and impact individuals, businesses and governments. From hacktivists to advanced persistent threats, conducting business on-line exposes individuals, corporations...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.