skip navigation

More signal. Less noise.

Daily briefing.

Heartbleed patching continues as exploits circulate. The vulnerability raises questions about OpenSSL's long-term viability, even among some OpenSSL longtime creators and collaborators.

Users of Microsoft OneDrive for Business (née SkyDrive) may face a data integrity issue: OneDrive for Business appears to alter some files when it syncs.

A bogus Facebook app carries a malware payload that enables Android spying and financial account pilferage.

The Cydia Substrate (née MobileSubstrate) add-on "Unflod" continues to threaten jailbroken iOS devices. (Best defense? Don't jailbreak them in the first place.) Some analysts have tentatively attributed Unflod to Chinese operators, but this remains speculation.

The Snorters at VRT Blog publish an update on the Snake (a.k.a. Turla, a.k.a. Uroburos) rootkit.

More Internet-of-things concerns surface. Ars Technica reports that anesthesia devices can become cyber-virus ridden should smartphones be connected to their USB ports, then wonders, first, why anyone would connect a phone to a medical device (lazy charging?) and second, why anesthesia devices have USB ports in the first place (easier patching?). Bloomberg worries that widespread wireless connectivity has increased the ease with which criminals can extract money from ATM skimmers. And Wired says a couple of guys have built "Conversnitch," a device that impersonates a light bulb, but which actually eavesdrops and livetweets conversations in its vicinity.

In industry news, more talk of cyber insurance. QinetiQ continues to pursue focus through disassembly of North American operations.

Australia, India, and Brazil moot new cyber laws.

An FTC lawsuit is expected to clarify what counts as "reasonable protection."

Notes.

Today's issue includes events affecting Australia, Brazil, China, India, Ireland, Russia, Ukraine, United States..

Cyber Attacks, Threats, and Vulnerabilities

Hackers seen exploiting Heartbleed to steal session tokens (Fierce CIO: TechWatch) Barely two weeks after the revelation of a critical vulnerability in the widely-used OpenSSL library, and active exploits by hackers have already been observed being conducted against businesses. In a nutshell, the serious vulnerability can be exploited to leak the memory contents of an affected server—and vice versa. Repeatedly sieving through the memory of the targeted server could hence yield sensitive data such as usernames and passwords, or even result in the recovery of the private keys used by the server

OpenSSL code beyond repair, claims creator of "LibreSSL" fork (Ars Technica) OpenBSD developers "removed half of the OpenSSL source tree in a week"

Microsoft OneDrive for Business can Alter Your Files as It Syncs (CollaboristaBlog) Microsoft OneDrive for Business, which until recently used to go by the name of SkyDrive Pro, is making headlines today for all the wrong reasons

Fake Facebook app attack can lead to your Android being spied upon, and your bank account being hacked (We Live Security) Are you a Facebook user? If so, be on your guard if you see a screen like the following popping up on your screen

Mysterious malware steals Apple credentials from jailbroken iOS devices (CSO) A malware campaign of yet-to-be-determined origin is infecting jailbroken iPhones and iPads to steal Apple account credentials from SSL encrypted traffic

Snake Campaign: A few words about the Uroburos Rootkit (VRT Blog) Over the past few days, analyzing the new Uroburos (aka Turla) rootkit has been exciting. That's because the sample dropper (MD5: a86ac0ad1f8928e8d4e1b728448f54f9) includes a lot of clever features. We don't want to rehash research already publicly available, but we will expand on some features that have not been covered in previous publications (like the driver loading strategy and the main dropper architecture)

Has your AOL account been spewing out diet spam? You're not alone… (Graham Cluley) It seems there is a big spam problem involving AOL accounts right now. You only have to check out the #AOLHacked hashtag on Twitter to see many people complaining

Bug can cause deadly failures when anesthesia device is connected to cell phones (Ars Technica) No, it's not clear why anyone would ever connect a phone to a medical device

What Happens When the 'Internet of Things' Comes to ATM Skimmers (Bloomberg) When Cisco Systems CEO John Chambers extols the virtues of the so-called Internet of Things, this clearly isn't what he has in mind

An Eavesdropping Lamp That Livetweets Private Conversations (Wired) Brian House and Kyle McDonald's creation, the Conversnitch, impersonates a lightbulb or lamp while eavesdropping on and livetweeting nearby conversations. As former NSA director Michael Hayden learned on an Amtrak train last year, anyone with a smartphone instantly can become a livetweeting snoop. Now a whole crowd of amateur eavesdroppers could be as close as the nearest light fixture

Michaels Data Breach Response: 7 Facts (Ars Technica) Could the retailer have done more to spot the eight-month intrusion in the first place?

Fake Reviews Trick Google Play Users (Webroot Threat Blog) Here at Webroot, we are constantly on the lookout for malevolent Android apps. In most cases, you do something malicious with your app and you get marked accordingly, but it's not always that simple. Two weeks ago an app called "Virus Shield" popped up on the Google Play store. Within days, Virus Shield became Google Play's #1 paid app. With thousands of reviews and a 4.7 star rating, who would question it? Well, a few people did, the code was looked at, and Google pulled it from the store. They have even gone as far as to make amends with those

Iowa State discloses data breach — attackers wanted to mine for coin (CSO) The IT staff at Iowa State University have disclosed a data breach involving five departmental servers on campus

NCO Financial Acknowledges Data Breach (eSecurity Planet) Customer names, addresses, Social Security numbers and account numbers were mistakenly exposed

Security Patches, Mitigations, and Software Updates

iPhones and Macs get fix for extremely critical "triple handshake" crypto bug (Ars Technica) Flaw makes it possible for attackers to bypass some HTTPS protections

Apple pushes out critical security fixes for OS X, iOS and Apple TV (Naked Security) Apple has been listening to Sophos Naked Security! Half-listening, anyway

Microsoft dramatically lowers price for Windows XP custom support (FierceCIO:TechWatch ) It has emerged that Microsoft has reduced the fees that large enterprises have to pay for custom support, just weeks before the official retirement of the venerable Windows XP operating system. According to a report on Computerworld, Microsoft dramatically reduced top-end price caps from as much as $5 million per organization to just $250,000

Cyber Trends

Homeland Security encourages guarding oilfield against cyber threats (Odessa American) A lot of oilfield work relies on computer systems, whether controlling production at the well head or tracking arrival of crude to wholesale market

"Each One Is a Potential Attack Point": Study Could Assess Cyber Security in Basin Oil and Gas Industry (CBS7KOSA) We often hear about cyber-attacks against banks and credit card companies, but now Homeland Security wants to work on a plan to keep technology in the oilfield in the right hands

IT Security in Utilities (Intelligent Utility) Modern energy and utility companies are becoming vulnerable in ways they are not familiar with: via cyber-attacks. A Symantec report in January said that in the first half of 2013, energy was the fifth most targeted sector worldwide. It experienced 7.6 per cent of all cyber-attacks. During the same period, the Department of Homeland Security's Industrial Control System Cyber Emergency Response Team (ICS-CERT) said that cyber-attacks had doubled and significantly, 53% of those attacks were against the energy sector

Bulletproofing the Grid (IEEE Spectrum) A gun attack on a Silicon Valley substation has utilities looking to boost physical security

Cyber attacks move to cloud with increased adoption, report shows (ComputerWeekly) Cyber attacks on cloud environments have almost reached the same level as attacks on traditional IT, with increased adoption of cloud-based services by the enterprise, a study shows

Traditional brute force attacks, vulnerability scans found targeting cloud environments (Techienews) A research report resulting from a survey of over 2,200 customers of security-as-a-service provider Alert Logic reveals that cyber attacks on cloud environments are increasing at an alarming level as more and more enterprises move their data to the cloud

Bringing the Board Onboard for Cybersecurity (CSG Insights Blog) Who hasn't seen a team with the top players in the sport—a seemingly undefeatable team—lose when it's all on the line? Ultimately, despite their many advantages, the team's strategy unravels

The rate of cybercrime is on the rise, with some firms losing nearly €4 million because of it (Business ETC) The study from PWC found that cybercrime in Ireland has risen from 24 per cent to 45 per cent since 2011

People Matter in Cybersecurity (American News Report) What's the biggest challenge facing cybersecurity for companies and organizations? "Often it's their own people," said Mansur Hasib, author of "Cybersecurity Leadership" which was released this spring

Teachers cyberbullied by students and their parents (Naked Security) One in five UK teachers have been cyberbullied by students and/or their parents, according to a survey published by the teachers' union NASUWT

Bots Attack US Mainly During Dinnertime (Dark Reading) Most bot-infected machines hail from the US and wage attacks there between 6 and 9 p.m. Eastern Time, new report finds

Marketplace

Cyber insurance protects against data breach damage (The Tennessean) Cyber insurance may evoke ideas of science fiction, but for businesses, the risk associated with data breaches is very real

QinetiQ To Sell US Services Division (Defense News) QinetiQ has agreed to sell its US services division to the SI Organisation in a deal that could net the British defense technology company up to US $215 million

China's Huawei says reports of NSA spying won't impact growth (The Independent) The world's No.2 telecoms equipment maker, Huawei, shrugged off analysts' concerns that its growth will suffer from media reports alleging the United States accessed servers at its Shenzhen headquarters

Cyber firm ​Integrata Security is raising money, planning move to Federal Hill or Baltimore County (Baltimore Business Journal) Integrata Security is in the midst of raising anywhere from $1.1 million to $1.6 million, which will be used for product development

Products, Services, and Solutions

Google refunds Android users who bought fake Virus Shield app (Naked Security) Earlier this month an Android anti-virus app, named Virus Shield, managed to fool thousands of customers into buying it, despite not having any anti-virus capabilities

Google reportedly wants to make email encryption easier, but don't hold your breath (PC World) Still responding to the National Security Agency surveillance revelations, Google is reportedly preparing to help users beef up Gmail security with end-to-end encryption. The search giant is working on a way to make Pretty Good Privacy (PGP) encryption easier to use for Gmail fans, according to a report by Venture Beat

Facebook's Sheryl Sandberg: targeted ads don't trample on privacy (Naked Security) Facebook Bigwig Sheryl Sandberg wants us all to know that, targeted advertising or no, the Zuckerbergians are hovering over our private data like an anxious mother bird protecting her fluffy nestlings from voracious advertising raptors

Update To FORBES' Anonymous Document Drop In Response To Heartbleed (Forbes) The days of meeting reporters in an underground garage to exchange sensitive information are back. Emailing materials without taking proper precautions is now dangerously vulnerable to surveillance. For those who'd rather not troll maps for the perfect meeting place, FORBES has an easy solution. It's called SafeSource

Lunarline Announces New Training Program to Help DoD Adapt to the new RMF for DoD IT (MarketWatch) Lunarline's Rebecca Onuskanich: "We make this easy. Well, almost"

Belden Protects Critical Industrial Infrastructure with Advanced Cyber Security Toolkit (Wall Street Journal) Belden Inc. (NYSE: BDC), a global leader in signal transmission solutions for mission-critical applications, has released the Tofino Enforcer Software Development Kit (SDK), a toolkit that allows third parties to create next generation cyber security solutions using the company's patented Deep Packet Inspection (DPI) technology. Tofino Enforcer modules developed with the SDK protect difficult-to-secure supervisory control and data acquisition (SCADA) and industrial control system (ICS) protocols and improve the overall reliability and safety of industrial systems

Technologies, Techniques, and Standards

Is OpenSSL secure… in its dominance? (ZDNet) All it will take is one major player to endorse LibreSSL as compatible and functional and OpenSSL adoption will crumble

A guide to cloud encryption and tokenization (Help Net Security) Cloud adoption shows every sign of continuing to grow. The sharing of resources helps businesses achieve savings and agility based on economies of scale but there's a problem: cloud computing can also be an attractive target for cyber thieves

Cloud security still the missing link in M2M (ZDNet) With cloud the main enabler of machine-to-machine communications, questions about data security that remain unaddressed will continue to hinder wider deployment of Internet of Things

Hardware-Based Solutions Counter Medical Device Security Concerns (Medical Design Technology) The rapid growth of personal healthcare and medical products has focused renewed attention on the security of underlying device hardware and software. Ensuring authorized use and protecting critical data within these devices depends on deep security features that cannot be bypassed by traditional software methods. With the availability of hardware-based security features in microcontrollers (MCUs) and devices targeted for medical applications, engineers can harden designs for health-critical systems and devices

How can we create a culture of secure behavior? (Help Net Security) It's a busy day in your company and everyone is rushing around trying to respond to requests. Audrey gets an email that looks like it's from a partner asking her to look into a recently placed order. She clicks on the PDF to check it out. But instead of seeing the partner's order, she sees a landing page from the company's security team letting her know she fell prey to a simulated phishing attack. As she looks around the room, she sees that a few co-workers also have stunned looks on their faces

Social Media and Regulatory Compliance: Is Your Company Protected? (Cyveillance) Proofpoint hosted an excellent webinar a few weeks ago on "Tweets, Feeds, & Chatter: Social Media and Regulatory Compliance in 2014", which I've summarized here. Presenter Nick Hayes, an analyst at Forrester Research, discussed a number of regulatory pitfalls companies should be aware of as they navigate this challenging landscape

Bank of England to simulate cyber attacks to test threat response (ITPro) The attacks will test how prepared 20 of the UK's major banking institutions are. The Bank of England will test banking vulnerabilities with a number of high-profile institutions to test how prepared they are should a cyber attack occur Read more:

Typed passwords are no defense (Federal Times) With the flick of his wrist and a few keystrokes, Edward Snowden hand-typed other people's passwords and initiated data downloads in what has become the greatest national security information breach in U.S. history

Biometric Authentication: Still Waiting for Identity 2.0 (Recorded Future) It took just four days for German researchers to give the latex finger to the new Samsung Galaxy S5 and crack its fingerprint authentication. We should not be surprised, after recalling the similarly swift exploit of the iPhone by Chaos Computer Club last fall. We learn that phones with higher resolution scanners create demand for higher resolution fake fingers

7 Tips To Improve 'Signal-to-Noise' In The SOC (Dark Reading) When security analysts are desensitized to alerts because of sheer volume, they miss the true positives that can prevent a large-scale data breach. Here's how to up your game

Academia

Northrop Grumman, The University of Sydney Announce Partnership (MarketWatch) Northrop Grumman Corporation NOC +0.03% and the University of Sydney have signed a Memorandum of Understanding to work together to explore areas of common interest in providing educational, research initiatives and training programs that build local capacity across various sectors in Australia

Legislation, Policy, and Regulation

Should Australians prepare for rubber-hose cryptanalysis? (ComputerWorld) Law enforcement peak body wants to make it easier to decrypt communications

Brazil Passes Trailblazing Internet Privacy Law (SecurityWeek) Brazil's Congress on Tuesday passed comprehensive legislation on Internet privacy in what some have likened to a web-user's bill of rights, after stunning revelations its own president was targeted by US cyber-snooping

India backs 'new cyber law regime' (Indian Express) The note stresses that governments, organisations and individuals must take steps to enhance the security of information technology

US to surrender control of ICANN (Euractiv) A global conference in Brazil on the future of the Internet in the wake of US spying revelations might be much less anti-American than first thought, after Washington said it was willing to loosen its control

NSA Finally Reveals How PRISM Works, But It's Nothing New (Mashable) The NSA has finally decided to tell the world how the Internet surveillance program PRISM works, though it's been almost a year since its existence was revealed by one of the very first Edward Snowden leaks

Poor security policies put national security at risk at defense intelligence agencies, IG says (Washington Examiner) Defense intelligence agencies have allowed contract employees fired for misconduct to regain access to classified information, posing a threat to national security, according to a new report by the Defense Department's inspector general

GAO criticizes SEC over cybersecurity (FierceFinanceIT) The U.S. Government Accountability Office (GAO) has sent a 25-page report to the Securities and Exchange Commission detailing numerous weaknesses in the agency's cybersecurity controls over the nation's Securities markets. The report was the result of a security audit conducted by the GAO during the 2012 and 2013 fiscal years

Increased trust boosts Pentagon-industry info sharing (FCW) The Defense Department hopes an information-sharing program it launched in 2007 has matured into a potent weapon for mitigating cyber threats that are becoming too numerous to count. Speaking before a group of contractors and agency workers April 22, senior DOD officials made the case that the Defense Industrial Base Cybersecurity Information Assurance program has done just that

A Two-Way Flow of Information: Public-Private Partnership for Cyber Defense (The CyberWire) The CyberWire interviewed Mr. Alejandro Mayorkas, Deputy Secretary of Homeland Security, who participated in SINET ITSEF 2014. Deputy Secretary Mayorkas described his Department's role in US cyber security, in particular its responsibility for security the .gov space, and how the Department has taken point on sharing information with the private sector

Litigation, Investigation, and Law Enforcement

Sensitive Data: What Constitutes 'Reasonable Protection'? (InformationWeek) NIST's Cybersecurity Framework takes on new context for industry execs in light of FTC lawsuit against the Wyndham hotel chain over data security lapses

Cyber War News Shuts Down Following DOJ Request (eSecurity Week) 'Site n email contacts all gone for good,' the publisher tweeted earlier this week

Government Employees Cause Nearly 60% of Public Sector Cyber Incidents (Nextgov) About 58 percent of cyber incidents reported in the public sector were caused by government employees, according to an annual data breach report compiled by Verizon. The findings — stripped of identifying information — do not mention ex-contractor Edward Snowden's mammoth leak of national secrets

Rubio calls Snowden scandal 'most damaging' espionage case in U.S. history. Is it? (Tampa Bay Times) Florida Sen. Marco Rubio makes it clear where he stands on Edward Snowden's exposure of the National Security Agency's spying programs: The situation couldn't be more dire. "The single most damaging revelation of American secrets in our history." Rubio said when asked about the matter after a foreign policy speech at the University of Texas on April 15

In questioning Russia's Putin about surveillance, Snowden misses the point (Washington Post) The question Edward Snowden should have asked Russian President Vladimir Putin on Thursday was: "Would you please describe how the three versions of SORM operate and what is done with the intercepted phone, e-mail and other electronic media those systems collect?"

Edward Snowden is not of the left (Los Angeles Post Examiner) National Security Agency leaker Edward Snowden recently asked Vladimir Putin via teleconference, "Does Russia intercept or store the communications in any way of millions of individuals?" Putin, a former officer in the former Soviet Union's KGB intelligence agency, replied, "You are a former spy so we will talk one professional language. Our intelligence efforts are strictly regulated by our law. We have to get permission to stalk any particular person"

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

US News STEM Solutions: National Leadership Conference (, January 1, 1970) The STEM crisis in the United States demands solutions—and nowhere is the search more concentrated than at U.S. News STEM Solutions. Now in its third year, this premier national leadership conference is...

East Africa Banking and ICT Summit (Kampala, Uganda, April 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations,...

National Collegiate Defense Cyber Competition (, January 1, 1970) Registration for the 2014 CCDC season is underway! Visit your region's website or contact your regional for registration and competition information.

InfoSecIndy (Indianapolis, Indiana, USA, April 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.

United States Cyber Crime Conference 2014 (, January 1, 1970) This is the only event of its kind that provides both hands-on digital forensics training and an interactive forum for cyber professionals to network. The conference covers the full spectrum of topics...

Infosecurity Europe 2014 (, January 1, 1970) Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000...

Cyber COMSEC and IT Day at Fort Huachuca (, January 1, 1970) This one-day vendor expo is a unique opportunity to demonstrate your products and services to military and civilian personnel at Fort Huachuca. Exhibitors will have a casual atmosphere to share ideas,...

cybergamut Technical Tuesday: Malware Reverse Engineering (Columbia, Maryland, USA, May 6, 2014) An introduction to the tools, workflows, and tricks of the trade to attack sophisticated malware by Dale Robson of CyberPoint. Industry standard cyber security products do a good job in blocking and defending...

Kirtland AFB — Cyber Security Seminar & Information Technology Expo (Albuquerque, New Mexico, USA, May 7, 2014) Join FBC and the Armed Forces Communications & Electronics Association (AFCEA)-Albuquerque Chapter for the Cyber Security Seminar & Information Technology Expo set to take place at Kirtland Air Force Base.

US Secret Service Cybersecurity Awareness Day (Washington, DC, May 8, 2014) This Cybersecurity event will be the first of its kind at the USSS. There will be 2-3 opportunities for participating companies to present a 1/2 hour presentation on a Cybersecurity topic of concern to...

SANS Security West (, January 1, 1970) SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information...

HackMiami 2014 (Miami Beach, Florida, USA, May 9 - 11, 2014) The HackMiami 2014 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools,...

Eurocrypt 2014 (, January 1, 1970) Eurocrypt 2014 is the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. It is devoted to all aspects of cryptology.

ISPEC 2014 (Fujian, China, May 12 - 14, 2014) The ISPEC conference series is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and...

CyberWest (Phoenix, Arizona, USA, May 13 - 14, 2014) Cyber threats affect all industry sectors and impact individuals, businesses and governments. From hacktivists to advanced persistent threats, conducting business on-line exposes individuals, corporations...

GovSec 2014 (Washington, DC, USA, May 13 - 14, 2014) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of...

Cyber Security for National Defense Symposium (, January 1, 1970) DSI's Cyber Security for National Defense Symposium is designed as an educational and training "Town Hall" forum, where thought leaders and key policy-makers across military and civilian organizations...

FOSE Conference (Washington, DC, USA, May 13 - 15, 2014) Spend 1 day or 3 days at the FOSE conference and leave with actionable information, covering a broad spectrum of trending topics including: Cybersecurity, Cloud and Virtualization, Mobile Government,...

INFILTRATE (, January 1, 1970) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot...

Security BSides Denver 2014 (Denver, Colorado, USA, May 16, 2014) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...

Security Start-up Speed Lunch NYC (New York, New York, USA, May 19, 2014) Our goal for this inaugural event is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare,...

CEIC 2014 (Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions...

The Device Developers' Conference: Bristol (Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

Positive Hack Days (, January 1, 1970) Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright...

Georgetown Law: Cybersecurity Law Institute (, January 1, 1970) A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels...

NSA Mobile Technology Forum (MTF) 2014 (, January 1, 1970) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia,...

CyberMontgomery Forum: Center of Gravity (Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

The Device Developers' Conference: Cambridge (Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

Fort Meade Technology Expo (, January 1, 1970) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...

CANSEC (, January 1, 1970) CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display.

Hack in The Box Security Conference (HITBSecConf) Amsterdam (, January 1, 1970) HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.