skip navigation

More signal. Less noise.

Daily briefing.

We lead with links to three informative Heartbleed overviews: what it is, how it was discovered, and what its larger implications are.

Among those implications is, now, exploitation in the wild. Canada's tax service suspended web operations and extended filing deadlines after hackers extracted taxpayer information through Heartbleed holes. The bug is also blamed for a data breach in British parenting site Mumsnet. Other victims are widely expected to turn up at any time, and the problem isn't confined to servers: Android devices, for example, are also vulnerable, as are at least forty-eight cloud apps. Analysts discern Heartbleed exposure in virtual private networks and (attention Tor users) the Deep Web.

A thoughtful article in CIO reflects on Heartbleed and raises an important issue: "If our checks and balances are so fragile that a typo can obliterate all meaningful security, we have some fundamental things to fix."

The SANS Internet Storm Center sounds a rare optimistic Heartbleed note: IT teams are aware of the vulnerability and are taking appropriate action. Patches and mitigations continue to roll out (but Akamai has to recall theirs). VMWare alone plans twenty-seven patches this week.

Cyber threat information sharing advances on at least three fronts: agriculture (with collaboration planned among the AFBF, Monsanto, DuPont, and John Deere), retail, and the electrical grid.

Anonymity tools Tails and DuckDuckGo receive consumers' attention.

The first phase of the TrueCrypt audit is encouraging: no major issues found.

US policymakers deny exploiting Heartbleed. US DNI Clapper calls for inter-security-agency transparency.

Notes.

Today's issue includes events affecting Brunei, Burma, Cambodia, Canada, China, Estonia, Georgia, Germany, India, Indonesia, Israel, Italy, Laos, Malaysia, Netherlands, Philippines, Romania, Singapore, Thailand, Ukraine, United Arab Emirates, United Kingdom, United States, and Vietnam..

Cyber Attacks, Threats, and Vulnerabilities

The Heartbleed Bug (Heartbleed Bug (h/t Bruce Schneier)) The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs)

Heartbleed disclosure timeline: who knew what and when (Sydney Morning Herald) Who knew about Heatbleed first? We detail the timeline. Ever since the "Heartbleed" flaw in encryption protocol OpenSSL was made public on April 7 in the US there have been various questions about who knew what and when

How Heartbleed Happened, The NSA And Proof Heartbleed Can Do Real Damage (Forbes) Last week during the Heartbleed chaos I wrote two articles, one outlining how to stay safe and the other explaining what heartbleed actually is. As we enter this week it is clear that we are far from out of the woods, indeed I will shortly explain why Heartbleed is going to be around for some time to come, but now that a great deal of patching and password re-setting has occurred it seems like a good time to reflect on a few of the recent revelations

Canadians' Tax Data Stolen in Heartbleed Breach (AFP via SecurityWeek) Personal data for as many as 900 Canadian taxpayers was stolen after being made vulnerable by the "Heartbleed" bug, officials in Ottawa said on Monday

Mumsnet becomes first known UK victim of Heartbleed bug (ComputerWeekly) Parenting website Mumsnet is the first known UK victim of hackers exploiting the recently discovered Heartbleed bug

US government warns over Heartbleed hacker attempts (ITPro) The US government has warned businesses to be on alert for hackers seeking to steal data exposed by the "Heartbleed" bug, as a German programmer took responsibility for the widespread security crisis

Computer hacking expert says more bad news to come from Heartbleed (The Canadian Press via City News Toronto) The fallout from the Heartbleed bug could go far beyond just 900 social insurance numbers compromised at the Canada Revenue agency

BlackBerry Messenger and Secure Work Space affected by Heartbleed security flaw in OpenSSL (Computing) BlackBerry, the maker of security-hardened smartphones, is the latest vendor to be affected by the Heartbleed bug in the OpenSSL stack

Vicious Heartbleed bug bites millions of Android phones, other devices (Ars Technica) Not the exclusive province of servers, Heartbleed can hack end users too

Android devices await Heartbleed fix (BBC) Millions of Android devices remain vulnerable to the Heartbleed bug a week after the flaw was made public

Heartboned: Why Google needs to reclaim Android updates (ZDNet) Despite the best efforts of Google, last week's Heartbleed events show that much work remains before Android is up to par on its updating process

Heartbleed's Intranet & VPN Connection (Dark Reading) How the game-changing crypto bug affects internal servers, clients, and VPN networks — and what to do about it

Heartbleed flaw still exists at Disqus, ShareThis, and 46 other cloud apps (CSO) The Heartbleed storm is still in full force. A week after the initial disclosure of the critical flaw in OpenSSL, a new threat dubbed Reverse Heartbleed has also been identified, and many vulnerable sites and applications are still scrambling to patch and update

Heartbleed Impacting the Deep Web? (Trend Micro Simply Security) News of this week's massive and far reaching OpenSSL vulnerability "Heartbleed" has put all of us on our heels. In what I would call the equivalent of an Internet oil spill, individuals and organizations are scrambling to discover how to clean up this mess and get on with business as usual. This will not be trivial or a quick fix. I say this with conviction as I personally know the challenges of keeping large amounts of highly complex infrastructure patched and secure to support both revenue and critical business operations

Heartbleed Poses Risk to Clients and the Internet of Things (Symantec Connect) While most of the focus on Heartbleed has been on vulnerable public websites, the bug affects much more than this. While most popular sites are no longer vulnerable, this does not mean that end-users can drop their guard

Heartbleed Especially Risky for SMBs (eSecurity Planet) Enterprises with IT security staffs should find it easy to implement the patch for the Heartbleed vulnerability. But small companies may struggle to protect their websites and customers, experts say

With Heartbleed, IT Leaders Are Missing the Point (CIO) If our checks and balances are so fragile that a typo can obliterate all meaningful security, we have some fundamental things to fix

9 expert opinions on the 'Heartbleed Bug' (SC Magazine) Considered one of the most significant internet security vulnerabilities to date — affecting websites, emails, direct messages and other communications utilizing SSL/TLS encryption — the 'Heartbleed Bug' quickly made headlines around the world. Security experts have plenty to say about the vulnerability, and we've compiled the opinions of some of them in this slideshow

Crimeware Helps File Fraudulent Tax Returns (Krebs on Security) Many companies believe that if they protect their intellectual property and customers' information, they've done a decent job of safeguarding their crown jewels from attackers. But in an increasingly common scheme, cybercriminals are targeting the Human Resources departments at compromised organizations and rapidly filing fraudulent federal tax returns on all employees

Flash SMS Flaw in iOS Can Be Exploited to Make the Lock Screen Unresponsive (Softpedia) Romanian security researcher Bogdan Alecu has identified a Flash SMS (Class 0) flaw in iOS that can be exploited to make the SpringBoard lock screen unresponsive. The expert has described an attack scenario in which the bug can be leveraged by cybercriminals

Arbitrary Code Execution Bug in Android Reader (Threatpost) The Android variety of Adobe Reader reportedly contains a vulnerability that could give an attacker the ability to execute arbitrary code on devices running Google's mobile operating system

Threats in the Cloud — Part 2: Distributed Denial of Service Attacks (Microsoft Security Blog) Organizations that operate or use Internet connected services such as websites, portals and Cloud services need to be aware of threats that can disrupt service. In the first part of this series I discussed Domain Name System (DNS) attacks and their potential to disrupt services and infect large volumes of users with malware. This article discusses Distributed Denial of Service (DDoS) attacks using insights from the latest volume of the Microsoft Security Intelligence Report

Hackers may have accessed details of 500,000 considering cosmetic surgery (The Guardian) Initial inquiry forms submitted online to Harley Medical Group may have been accessed in cyber-attack, firm says

Remember Ellie Mae's cyber attack? It didn't happen (Housingwire) Company says no evidence of malicious attack found after investigation

LaCie Acknowledges Year-Long Data Breach (eSecurity Planet) Customers who made online purchases between March 2013 and March 2014 are affected

VFW Hacked (eSecurity Planet) A hacker believed to be from China accessed 55,000 VFW members' names, addresses and Social Security numbers

Security Patches, Mitigations, and Software Updates

INFOCon Green: Heartbleed — on the mend (Internet Storm Center) We are going back to INFOCon Green today. Things have stabilized and the INFOCon is used to indicate change. Awareness of Heartbleed is well saturated and Internet teams everywhere appear to be responding appropriately

Akamai admits its OpenSSL patch was faulty, reissues keys (IT World) Researcher Willem Pinckaers found a hole in Akamai's OpenSSL code tweak, used for a decade, in 15 minutes

VMware reveals 27-patch Heartbleed fix plan (The Register) Go buy your vSysadmins a big choccy egg: their Easter is in peril

Heartbleed Defense-in-Depth Part #1: Preventing Admin Session Hijacking (Duo) This post is the first of a blog mini-series (is that even a term?) around the Heartbleed vulnerability and some of defense-in-depth techniques we've had in place for years that helped mitigate its impact

Google issues patch for Android icon permissions attack (ComputerWorld) FireEye found malware that could change other icons, sending victims to phishing sites

Jetpack pushes update to close critical security hole (Help Net Security) The developers of Jetpack, one of the most widely used WordPress plugins, are urging users to download and implement the latests versions that fix a critical security bug

Cyber Trends

Farm machines harvest Big Data, reap privacy worries (Ag Professional) Steps away from a replica of the revolutionary 1837 steel plow at tractor company John Deere's headquarters sits a combine as big as a tank and packed with computer wizardry that harvests huge volumes of valuable data as it gathers crops

U.S. retailers to share cyber threat data after Target attack (Reuters via the Chicago Tribune) U.S. retailers are planning to form an industry group for collecting and sharing intelligence about cyber security threats in a bid to prevent future attacks in the wake of last year's big attack on Target Corp

Electric Grid Safety Hinges on Partnership and Information Sharing (infosec island) Electric utilities have been focused on improving the safety and reliability of the complex and dynamic electric grid for years, testified Sue Kelly, president and CEO of the American Public Power Association (Public Power) at a Senate Energy and Natural Resources Committee hearing today. Kelly testified on behalf of investor-owned, cooperatively owned, and publicly owned utilities, as well as independent generators and Canadian utilities. The industry's top priority is to protect critical power infrastructure from cyber and physical threats by partnering with all levels of government and sharing critical information, she said

Raoul Chiesa — from cybercrime to state-sponsored hacking (Security Affairs) Raoul Chiesa gives us his view on the current cyber threat landscape, from Snowden's case to the links between cyber crime and state-sponsored hacking

Big data is not about petabytes, but complex computing (FierceBigData ) You've heard me and several others repeatedly say that the term big data is unfortunate because it's really not about the size of the data, but about the complexity of the computing. In other words, big data tools are not contained to usage where there are petabytes of data. Those tools are useful with just about any sized data if you're doing complex computing with it. Here's why

Behind the Machine's Back: How Social Media Users Avoid Getting Turned Into Big Data (The Atlantic) To prevent being tracked by algorithms, we've begun thinking like algorithms

Chinese Military Increases Scope of Cyberattacks on the US (Epoch Times) After several major cyberattacks were traced to the Chinese military in February 2013, hackers in China's People's Liberation Army (PLA) have not only continued their attacks against the United States, but they are attacking on an even larger scale, and with greater frequency

America Is a Sitting Duck for Cyberattacks (US News and World Report) The private sector's Internet infrastructure is very vulnerable

Protecting Your Company's Reputation in a Heartbleed World (Forbes) The Heartbleed vulnerability claimed its first known victim: at least 900 Canadian taxpayers, who had their personal data compromised in the middle of tax season. Canada's tax agency made the announcement today, after temporarily shutting down its online access last Wednesday to deal with the vulnerability

Marketplace

UAE Telecommunications Regulatory Authority & Huawei to Outline Vision for National Broadband Networks (Zawya) With the rapid advancement of information & communication technologies (ICT) ushering in a new era of digital connectivity across the region, Huawei—a leading global ICT solutions provider—in association with the UAE Telecommunications Regulatory Authority (TRA) have confirmed plans to host the UAE's first Huawei Broader Way Forum 2014, examining how national broadband initiatives are expected to transform the region's socio-economic landscape in the years ahead. The full-day conference will take place on April 29, 2014, at the Radisson Blu Royal Hotel in Dubai, UAE

Luring The Elusive Cyber Security Pro (InformationWeek) Struggling to find scarce IT security talent? Make sure your hiring managers understand the certifications and match candidates for skills fit — not just credentials

GSA plans new online purchasing information repository (FierceGovIT) The General Services Administration will create an online repository containing data on much agencies have paid for particular goods and services, an April 9 GSA blog post says

Qualifying Cyber Command Staff is Harder than You Think (NextGov) The Coast Guard Cyber Command aims to qualify a couple of service members for what Pentagon officials have said will be a 2,000-member force within the next two years

Wurldtech and ENCS Enter into Partnership to Strengthen Cyber Security for Critical Infrastructures (gnomes) Wurldtech Security Technologies (Wurldtech) and the European Network for Cyber Security (ENCS) have signed a partnership agreement to improve collaboration and strengthen cyber security for critical infrastructures

James Kilbride on Security's Role in Cloud Adoption, General Dynamics' Work to Integrate Technology with Business Viewpoints & (ExecutiveBiz) General Dynamics Advanced Information Systems, James Kilbride deploys the capabilities of the firm's Cyber and Intelligence Solutions division to help government customers advance their missions

The Herjavec Group announces $250M Expansion with Acquisition of Dallas Cyber Security Integrator (IT Business Net) Robert Herjavec, Founder and CEO of The Herjavec Group (THG) and star on ABC's Shark Tank, is pleased to announce the acquisition of privately held Galaxy Tech, a Dallas based leading security integrator with key clients in every US state. Following the April 15 close, Galaxy Tech will be rebranded as THG and represents its seventh acquisition in the past decade

Twitter Acquires Analytics Co. Gnip to Better Package Its Trove of Data (Wired) Twitter just agreed to buy its long-time partner Gnip, a data company that anaylizes and sells Twitter data to a host of third parties companies. Gnip is the largest provider of social data in the world

Is Imperva's Guidance an Indication to Avoid Cyber-Security Stocks? (The Motley Fool) In a rather ugly Thursday for the broader market, shares of Imperva (NYSE: IMPV) were particularly crushed following disappointing guidance. The security software vendor lost nearly half of its valuation, and in the process affected the stock prices of peers like Palo Alto Networks, FireEye (NASDAQ: FEYE), Fortinet (NASDAQ: FTNT), and Proofpoint. Yet, given this performance, combined with that of the last month, are these losses overdone, or are they just getting warmed up

Products, Services, and Solutions

These Sites Tell Which Of Your Accounts Have Been Hacked (Forbes) Heartbleed, the massive flaw in web encryption recently made public, is just one of the unending stream of vulnerabilities that enables hackers to steal personal details and passwords from companies with which you do business

DuckDuckGo is the Anonymous Alternative to Google (PhoenixTS) Google rules the world, but what about the other search engines? Do you know about ixquick, Alhea, Contenko, Dogpile, blekko, or DuckDuckGo? Do you have the time to create your own search engine with Yacy?

Out in the Open: Inside the Operating System Edward Snowden Used to Evade the NSA (Wired) When NSA whistle-blower Edward Snowden first emailed Glenn Greenwald, he insisted on using email encryption software called PGP for all communications. But this month, we learned that Snowden used another technology to keep his communications out of the NSA's prying eyes. It's called Tails. And naturally, nobody knows exactly who created it

Gmail does scan all emails, new Google terms clarify (The Guardian) The search company has modified its terms of service to specifically state that 'automated systems analyse your content'

Technologies, Techniques, and Standards

Open Source Software Is the Worst Kind Except for All of the Others (CircleID) Heartbleed, for anyone who doesn't read the papers, is a serious bug in the popular OpenSSL security library. Its effects are particularly bad, because OpenSSL is so popular, used to implement the secure bit of https: secure web sites on many of the most popular web servers such as apache, nginx, and lighttpd

How to keep your tax return safe from the Heartbleed bug (Quartz) Looking for a silver lining in the mess stirred up by the discovery of a major flaw in the software used by many internet sites to encrypt your passwords and other private data? Good news: The so-called "Heartbleed" bug has delayed tax day. But only if you're Canadian

How to Create Awareness of the Insider Threat (CSO) Snowden causes companies to consider doing what was unthinkable

Electric grid security standards too broad, says trade group (FierceGovernmentIT) A one-size-fits-all approach to security throughout the electric grid risks diverting resources from the most crucial facilities, the head of the American Public Power Association said during a Senate hearing April 10

'Baby Teeth' In Infrastructure Cyber Security Framework (Dark Reading) NIST's modest effort to improve lax security around IT infrastructure in airports, utilities, and other critical areas now heads to Congress. Don't hold your breath

Inside a Cyber Emergency Kit (Wall Street Journal) From "zero day exploits" and "ransomware" to "end of life" and "insider threats," cyber attackers are constantly coming up with new ways to attack systems, and also are finding new systems to attack

How to mitigate tracking risks: wrap your phone in tinfoil, quit Google (Ars Technica) In new book, Julia Angwin wants to live a modern life while frustrating the NSA

Is your agency ready for the cloud security deadline in June? (NextGov) A deadline for federal agencies to adhere to the government's baseline cloud security standards and changes to the standards themselves are both fast approaching

Research and Development

TrueCrypt audit finds "no evidence of backdoors" or malicious code (Ars Technica) Crypto prof: "Nothing terrible is in there, so that's reassuring"

Detecting criminal organizations in mobile phone networks (ScienceDirect) The study of criminal networks using traces from heterogeneous communication media is acquiring increasing importance in nowadays society. The usage of communication media such as phone calls and online social networks leaves digital traces in the form of metadata that can be used for this type of analysis

Quantum gate could link multiple qubits into single computer (Ars Technica) Photons could enable networking between multiple qubits

Why nobody can tell whether the world's biggest quantum computer is a quantum computer (Quartz) For the past several years, a Canadian company called D-Wave Systems has been selling what it says is the largest quantum computer ever built. D-Wave's clients include Lockheed Martin, NASA, the US National Security Agency, and Google, each of which paid somewhere between $10 million and $15 million for the thing. As a result, D-Wave has won itself millions in funding and vast amounts of press coverage—including, two months ago, the cover of Time

Academia

Former NSA head to speak at Norwich commencement (Burlington Free Press) The man in charge of the National Security Agency while it secretly monitored the communications of foreign leaders and millions of Americans will be the 2014 commencement speaker at Norwich University, the school announced Monday

University adds optional security increase to online accounts (Daily Wildcat) University Information Technology Services is taking steps to prevent online theft of information by adding an additional layer of security to websites used by UA students and staff

Stay Classy, BU: Maintaining Professionalism in an Online World (The Quad) The idea of a work-life balance isn't a new concept (but if you've never heard of it, check out this awesome TED Talk). It's the age-old question that every worker asks at some point in their career: how do I balance the demands of my personal life with the demands of my professional life?

Northrop Grumman Engineering Competition Encourages Students to Focus on Science and Technology Careers (MarketWatch) Students from Antelope Valley area high schools proved on April 5 that imagination and dedication can ignite innovation. Competing in the annual Northrop Grumman NOC +0.01% High School Innovation Challenge (HSIC), the students took on an engineering problem with limited budget, resources and time. The challenge is modeled each year after a current Northrop Grumman program or engineering capability

Virginia Students Test Cyber Skills in 2014 Governor's Cybersecurity Cup Challenge (News Channel 6) Eight teams from Virginia schools high schools competed in the final match of the 2014 Governor's Cybersecurity Cup Challenge, a state-wide cyber competition that offers students real hands-on learning experience in cyber defense

Legislation, Policy, and Regulation

Director of National Intelligence pushes for transparency among security agencies (Red and Black) The Director of National Intelligence for the United States federal government, delivered a lecture on the importance of intelligence integration and transparency Monday morning in the University of Georgia Chapel

Did the NSA know about Heartbleed all along? (Christian Science Monitor) The National Security Agency hasn't exactly been in the Internet's good graces following revelations about its extensive surveillance efforts, and a new report says the agency knew about the Heartbleed bug before everyone else, but kept it secret for its own use. How likely is the claim?

Trove of Software Flaws Used by U.S. Spies at Risk (Bloomberg BusinessWeek ) Two people familiar with the matter said that the agency was aware of the flaw and had used it as part of the intelligence gathering toolkit, as reported by Bloomberg News last week

Heartbleed denial reveals loophole for NSA spying (ComputerWeekly) The US National Security Agency has denied it knew about or exploited the Heartbleed security flaw, but government officials have revealed a loophole that would allow such actions

Heartbleed Suspicion And NSA Denial Show Why NSA's Dual Offense/Defensive Role Must End (TechDirt) We've talked for a while how dangerous and ridiculous it is that the NSA has a dual role as both handling "offensive" attacks and (supposedly) stopping incoming attacks in a "defensive" role. While technically, the NSA is supposed to be handling the "defensive" side while the US Cyber Command handles the offensive, there is no real separation between the two. The US Cyber Command is headquartered within the NSA and is run by the same person. Despite multiple recommendations to split the roles, the White House refuses to do so. Meanwhile, the NSA itself has been doing more and more offensive work anyway

The Policy Tension on Zero-Days Will Not Go Away (Lawfare) The proposition that NSA should under no circumstances stockpile zero-day vulnerabilities, but should in all cases disclose them in order to perfect defenses, apparently has appeal in some quarters. It is based on at least two false assumptions

Peter King States His Case in Quest to Be Intelligence Committee Chairman (National Journal) Contender claims he's leaving Boehner alone and focusing on staying in the news

Vital to beef up cyber security (New Straits Times) ACT NOW: Asean must lay an intellectual foundation and framework to preserve security in a borderless domain

Pakistan mulls cyber security bill to keep NSA at bay (The Register) Calls for founding of National Cyber Security Council

Litigation, Investigation, and Law Enforcement

Edward Snowden on Pulitzer winners: 'Their work has given us a better future' (The Guardian) NSA whistleblower praises Guardian and Washington Post after pair share Pulitzer prize for public service

Rep. King: 'Awarding the Pulitzer to Snowden enablers is a disgrace' (The Hill) Rep. Peter King (R-N.Y.) on Monday blasted the decision to award Pulitzer Prizes to the two major newspapers that exposed the National Security Agency's surveillance operations through documents leaked by Edward Snowden

Amerigroup data discovered in a suspect's possession — may affect 74,000 others (HackSurfer) Law enforcement in Florida was searching a suspect's car when they found printed screenshots of 183 clients' info, including "full name, social security number, date of birth, [and] city and state of residence." Investigation of the potential source revealed that over 74,000 additional records may have also been compromised

General denies clemency in Manning case (Politico) Turning aside calls for clemency, an Army general has approved the 35-year prison sentence imposed on Pfc. Chelsea (Bradley) Manning for a massive leak of military and diplomatic data to Wikileaks, the Army announced Monday

Dutch Teenager Who Tweeted Threat At American Airlines Arrested, Police Say (BuzzFeed) Rotterdam police announced arrest, but no charges have been filed. Her Twitter account has since been deleted

Zeus Malware: A Continuing Threat (BankInfoSecurity) Indictment of nine highlights fraud risk

FBI Arrests Trio For Microsoft Xbox Hacking (The Smoking Gun) A group of alleged hackers has been charged with breaking into the computer systems of the U.S Army, Microsoft, and several other firms to steal pre-release copies of popular video games like "Call of Duty," simulation software for Apache attack helicopter pilots, and confidential data that was used to create counterfeit versions of the Xbox gaming system, The Smoking Gun has learned

Bulgarian Credit Card Fraud Gang Dismantled (eSecurity Planet) 25 people were arrested, and 250 skimming devices, 2,000 blank credit cards and more than 50,000 Euros in cash were seized

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

NSA Procurement in today's business arena (Elkridge, Maryland, USA, April 16, 2014) An opportunity to gain inside perspective on market trends in NSA Procurement. The guest speaker will be William Reybold, National Security Agency's Deputy Senior Acquisition Executive (SAE), who manages...

East Africa Banking and ICT Summit (Kampala, Uganda, April 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations,...

InfoSecIndy (Indianapolis, Indiana, USA, April 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.

cybergamut Technical Tuesday: Malware Reverse Engineering (Columbia, Maryland, USA, May 6, 2014) An introduction to the tools, workflows, and tricks of the trade to attack sophisticated malware by Dale Robson of CyberPoint. Industry standard cyber security products do a good job in blocking and defending...

STEM Café (Geneva, Illinois, USA, May 6, 2014) At the next STEM Café, Raimund Ege, associate professor in NIU's Department of Computer Science, will lead a lively discussion on how computer crime affects our everyday lives and what we can do to protect...

Kirtland AFB - Cyber Security Seminar & Information Technology Expo (Albuquerque, New Mexico, USA, May 7, 2014) Join FBC and the Armed Forces Communications & Electronics Association (AFCEA) - Albuquerque Chapter for the Cyber Security Seminar & Information Technology Expo set to take place at Kirtland Air Force...

Kirtland AFB — Cyber Security Seminar & Information Technology Expo (Albuquerque, New Mexico, USA, May 7, 2014) Join FBC and the Armed Forces Communications & Electronics Association (AFCEA)-Albuquerque Chapter for the Cyber Security Seminar & Information Technology Expo set to take place at Kirtland Air Force Base.

US Secret Service Cybersecurity Awareness Day (Washington, DC, May 8, 2014) This Cybersecurity event will be the first of its kind at the USSS. There will be 2-3 opportunities for participating companies to present a 1/2 hour presentation on a Cybersecurity topic of concern to...

HackMiami 2014 (Miami Beach, Florida, USA, May 9 - 11, 2014) The HackMiami 2014 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools,...

ISPEC 2014 (Fujian, China, May 12 - 14, 2014) The ISPEC conference series is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and...

GovSec 2014 (Washington, DC, USA, May 13 - 14, 2014) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of...

CyberWest (Phoenix, Arizona, USA, May 13 - 14, 2014) Cyber threats affect all industry sectors and impact individuals, businesses and governments. From hacktivists to advanced persistent threats, conducting business on-line exposes individuals, corporations...

FOSE Conference (Washington, DC, USA, May 13 - 15, 2014) Spend 1 day or 3 days at the FOSE conference and leave with actionable information, covering a broad spectrum of trending topics including: Cybersecurity, Cloud and Virtualization, Mobile Government,...

Fraud Summit (Chicago, Illinois, USA, May 14, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.