Daily briefing.

Cyber criminal informants prove to be as blowback-prone as regular wiseguy snitches. "Sabu" provides exhibit A: the New York Times reports that while he was an FBI informant, Sabu continued to exploit zero-days, some against Brazilian, Syrian, and Iranian government sites.

Enterprises continue to mop up Heartbleed. Many Android apps remain leaky, but some are found protected, ironically, by a common implementation coding error. The number of direct exploits still seems small in comparison with the scope and potential of the vulnerability. Clean-up itself presents at least two problems: some fragile SSL implementations have been disabled when scanned for Heartbleed, and the frenzy to find and close Heartbleed holes has provided hackers with useful misdirection, particularly in attacks on US universities. And, of course, Heartbleed continues to provide useful phishbait to spammers.

The unrelated but very large We_heart_it diet spam campaign has oozed from AOL over to Twitter. Its origins remain obscure, but it's become a significant nuisance.

Many US physicians have suffered identity theft recently, which, Krebs suggests, hints at problems in some commonly used service.

Bkav claims to have found serious vulnerabilities in Amazon's Cloud IaaS Service.

Medical devices and maritime shipping remain, sector analysts say, dangerously open to cyber attack even though the worst bogeymen have yet to materialize. Electrical utilities move toward a consensus that cyber risks are more serious than physical ones.

Insurers find many retailers remain oblivious to cyber risk. Financial analysts warn against cascading effects of widespread failure to insure against cyber losses.

Notes.

Today's issue includes events affecting Brazil, Cambodia, European Union, Iran, Russia, Syria, Tunisia, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

FBI knew of zero-day attack on websites, let hackers use it (Ars Technica) NY Times reports Sabu directed attacks with Plesk exploit after arrest. Hector Xavier Monsegur, the hacker known as "Sabu," became a confidential FBI informant following his 2011 arrest. But he continued to direct other hackers to attack more than 2,000 Internet domains in 2012, including sites operated by the Iranian, Syrian, and Brazilian governments

Heartbleed Security Cyber Attacks Roundup (Gadget Gestures) If you paid attention to the information flooding your news feed that warned you over and over again about the Heartbleed security bug that makes your passwords and personal data vulnerable to theft and all sorts of cyber attacks, then you know the problem is serious and affects more people than one could have imagined in the beginning

While Heartbleed distracts, hackers hit US universities (CSO) The panic over the Heartbleed bug is proving to be a convenient distraction for hackers using standard techniques in a fresh wave of attacks targeting at least 18 U.S. universities, according to a computer security researcher

Be Careful what you Scan for! (Internet Storm Center) After some fun and games at one customer site in particular, I found that the SSL services on the earlier versions of the HP ProLiant Servers iLO ports (iLO1 and iLO2) are not susceptible to Heartbleed. However, their implementation of SSL is fragile enough that scanning them for the Heartbleed vulnerability will render them inoperable. This affects ProLiants from G1 all the way up to G6, as well as many of the HP BladeSystems

Android Heartbleed Alert: 150 Million Apps Still Vulnerable (Dark Reading) Android developers are starting to patch OpenSSL flaws. Meanwhile, Apple ships an SSL fix for iOS and OS X

Coding error protects some Android apps from Heartbleed (CSO) Some Android apps thought to be vulnerable to the Heartbleed bug were spared because of a common coding error in the way they implemented their own native OpenSSL library

How To Detect Heartbleed Mutations (Dark Reading) The nightmare of Heartbleed is not the chaos of fixing the bug. It's identifying hundreds, possibly thousands, of small mutations still hiding in the network

States: Spike in Tax Fraud Against Doctors (Krebs on Security) An unusual number of physicians in several U.S. states are just finding out that they've been victimized by tax return fraud this year, KrebsOnSecurity has learned. An apparent spike in tax fraud cases against medical professionals is fueling speculation that the crimes may have been prompted by a data breach at some type of national organization that certifies or provides credentials for physicians

Amazon Cloud IaaS Service servers riddled with vulnerabilities (Help Net Security) An investigation spurred by one of the customers of their security product has led researchers of security company Bkav to an unexpected discovery: the servers provided by Amazon's Cloud IaaS Service are riddled with vulnerabilities

Mystery attack drops avalanche of malicious messages on Twitter (Ars Technica) Scammers abuse thousands of compromised accounts linked to third-party services

We Heart It attack spills out into Twitter diet spam tidalwave (Graham Cluley) Diet spammers are not just exploiting AOL accounts to spread their unwanted adverts for miracle weight loss products, they have been flooding Twitter too

Japan airport staff dash to replace passcodes after security cock-up (The Register) Haneda employee drops key codes ahead of Obama visit

Intimidating new Internet fraud reported in AC (Arizona City Independent) New type of malicious computer virus known as 'ransomware'

Six Degrees datacentre suffers outage for more than 12 hours (ComputerWeekly) Customers using Six Degrees Group's datacentre and hosting services faced downtime on Tuesday — a crucial business day after the Easter weekend — as the datacentre, hosting and managed services provider suffered an outage for more than 12 hours

Medical devices at risk from cyber attack (Business Technology) A pacemaker designed to send life-saving electrical pulses to your heart and provide your doctor with vital information about your health can also unfortunately be a target of a sinister cyber attack

Global Shipping Exposed to Cyber Threats (MarineLink) The next hacker playground: the open seas — and the oil tankers and container vessels that ship 90 percent of the goods moved around the planet

Dissecting the unpredictable DDoS landscape (Help Net Security) DDoS attacks are now more unpredictable and damaging than ever, crippling websites, shutting down operations, and costing millions of dollars in downtime, customer support and brand damage, according to Neustar

Banking Trojans, Bitcoins and Espionage Dominate Recent Cyber-threats (InfoSecurity Magazine) Mobile banking trojans! Bitcoin wallet attacks! Cyber-espionage threats! It turns out that these three cyber-baddies are developing their attack trajectories exactly as predicted for 2014

Security Patches, Mitigations, and Software Updates

HP firmware bricks ProLiant server models (ComputerWeekly) HP has released a server patch that it has admitted will kill 100 of its server models and 14 network adapters upon installation

Apple users left exposed to serious threats for weeks, former employee says (Ars Technica) Patch delay comes two months after previous lapse for critical "goto fail" fix

Apple + Patching = You're Doing It Wrong :( (Kristin Paget's Blog) Apple just released iOS 7.1.1, which contains a bunch of security fixes for a wide range of things. Of particular interest is the list of issues they fixed in WebKit, which includes

Cyber Trends

Verizon DBIR 2014: Incident patterns show industry-specific threats (TechTarget) "We may be able to reduce the majority of attacks by focusing on a handful of attack patterns." That's the thought that Verizon used to tantalize readers of the 2013 iteration of its Data Breach Investigations Report, but as it turns out, the 2014 version found that more than nine out of ten data breaches can be described by just one of nine attack patterns, an enticing claim for enterprise information security teams

Cybersecurity quickly trumping physical security (FierceSmartGrid) Security is becoming an important part of the day-to-day operations of every utility across the United States, and a recent ruling by the Department of Justice (DOJ) is meant to make it easier for companies to keep their assets secure while keeping the lights on

Demand for BYOD access control leads to NAC resurgence (TechTarget) Network access control technology has come a long way from its days of being derided as an expensive and difficult tool that only succeeds in locking users out of the network. As the number of devices and the diversity of the users hitting networks across all industries grows, NAC security is becoming a must-have technology for any corporate environment

Ponemon Institute Survey Finds Exchanging Threat Intelligence Could Have Prevented Recent Cyberattacks (Broadway World) IID, securing the Internet with shared cyber intelligence, today announced the immediate availability of a Ponemon Institute survey that the company sponsored entitled, "Exchanging Cyber Threat Intelligence: There Has to Be a Better Way"

Intelligence-Sharing Suffers Growing Pains (Dark Reading) For most organizations, intelligence-sharing remains mainly ad-hoc and informal — and thus fraught with frustration and pitfalls, new report from Ponemon finds

Heartbleed as Metaphor (Lawfare) I begin with a paragraph from Wikipedia: Self-organized criticality is one of a number of important discoveries made in statistical physics and related fields over the latter half of the 20th century, discoveries which relate particularly to the study of complexity in nature…That may or may not leave you cold. I begin with those lines because they say that complexity in the large can arise from locally simple things

UK businesses fail to prepare for upcoming changes to EU data laws (CSO) UK businesses are unprepared for next year's changes to EU data protection laws, a survey has found

Report: Some Retail Firms Still Don't Recognize Cyber Security Risks (Dark Reading) Nearly 10 percent of retail firms have not reported any cyber security exposure to the SEC since 2011, Willis Group says

Lack of cyber risk insurance could lead to "global financial shock" (We Live Security) The financial damage caused by a large data breach or malicious employee activity can be enormous, but while more than three-quarters of organizations say they have become more concerned about information security and privacy in the past three years, the lack of cyber risk insurance could lead to a "global" shock

CyberSlang: The "@ to Zero-Day" Guide to Geek Speak (Raytheon) "Bot herders" have nothing to do with sheep. "Pentesting" is not what you do with a dried-out ballpoint. And "Air Gap" is not a 1980s easy-listening duo from Australia

Marketplace

A strong information security program is a competitive gain, not just a cost (TechTarget) CIOs are often asked to quantify the value of technology investments, but the CIO of an East Coast company was caught off guard by one such recent request and whom it came from. "The marketing chief wanted to know if we should use our security and privacy measures as a competitive differentiator to market our business and services," said the CIO, who is still in the midst of his research and asked not to be named

DHS inquiry into cyber solutions for small businesses stirs ideas, pushback from tech sectors (Inside Cybersecurity) With the Department of Homeland Security conducting a public meeting May 6 on its inquiry into cybersecurity solutions that meet the unique needs of small and mid-sized companies, Inside Cybersecurity is pulling together its exclusive coverage of a process that kicked off with a February request for information

Thomson Reuters Again Wins Operational Risk Software Provider of the Year Award in Operational Risk and Regulation Awards 2014 (MarketWatch) Thomson Reuters, the world's leading source of intelligent information for businesses and professionals, today announced that it has been awarded the Operational Risk Software Provider of the Year Award in the Operational Risk and Regulation Awards, 2014. This is the second consecutive year that Thomson Reuters has been awarded this achievement

Venture Capital: The Lifeblood Behind Security Innovation (Dark Reading) Want to know where the next generation of IT security innovation and technology is coming from? Follow the money

Cybersecurity's new frontier (Daily Record) The exterior walls of Luminal's downtown Frederick headquarters office are made of brick. But the company isn't focused on walls. Its software aims to make a computer system more secure from the inside, instead of relying only on exterior defenses

Raytheon tackles nation's STEM workforce challenge during "STEM Week" in Washington, D.C. (MarketWatch) What can the U.S. do to prepare today's students to take on STEM jobs in the future? To help answer that question, U.S. News and Raytheon Company today launched the STEM Index to measure just that. It's the first comprehensive index measuring the key factors related to STEM jobs and education

Thomson Reuters uncovers internal engineering talent with crowdsourcing (TechTarget) Thomson Reuters Corp. has hit upon an effective way to find engineering talent. The media and information company has figured out a way to crowdsource for problem solvers — from behind the firewall

South-East police forces on the hunt for information assurance services in £20m tender (Computing) The police and crime commissioner for Surrey has issued a tender on behalf of police forces within the South East Regional Information Security Management Group including: British Transport Police, Civil Nuclear Constabulary, Essex Police, Hampshire Police, Hertfordshire Police, Kent Police, Metropolitan Police Service, Surrey Police, Sussex Police and Thames Valley Police

Mark Forman Returns to TASC as IT, Cloud Services VP; Bruce Phillips Comments (GovConWire) Mark Forman, co-founder and former CEO of Government Transaction Services LLC, has joined TASC as vice president for information technology and cloud services

Products, Services, and Solutions

AIG Expands Cyber Coverage to Include Physical Risks Posed by Cyber Attacks, Security Failures (Wall Street Journal) American International Group, Inc. (AIG) insurers today announced an expansion of their cyber insurance offering to include property damage and bodily injury exposures. This is a market-leading cyber offering that provides commercial customers a way to manage physical risks to their operations from cyber attacks and cyber security failures

Google Adding Security Checks to Non-OAuth 2.0 Compliant Apps (Threatpost) Google announced today that in the coming months it will be more stringent in securing users when they log in to their accounts by applying additional authorization checks

Cisco's RTP ops fueling new cybersecurity solution (Triangle Business Journal) Cisco's just-launched Managed Threat Defense service is relying on two operations centers to protect your data — one of which is in Research Triangle Park

Splunk App Promises Data Center Managers Complete Visibility (Datacenter Dynamics) Data center intelligence provider Splunk has launched version 3.1 of its operational information system, Splunk App for VMware

Rapid7 announces security certifications for Metasploit and Nexpose (Help Net Security) Rapid7 is launching certification programs for Nexpose administrators and Metasploit Pro specialists

Forescout launches new PSN compliance package (UK Authority) A programme to help local authorities and government departments to meet the requirements of the Public Service Network (PSN), the secure network enabling local and central government organisations to communicate electronically has been launched today

CrowdStrike offers new free Heartbleed Scanner tool (CSO) In the wake of the Heartbleed vulnerability revelation, many security vendors raced to provide tools to help businesses and individuals test for the flaw on their own systems. Unfortunately, many of those tools used flawed logic, or delivered inaccurate results—either causing undue alarm, or providing an unwarranted sense of security. CrowdStrike has developed a new free Heartbleed Scanner tool that delivers more comprehensive information to help you understand which systems or applications are at risk

eScan Launches a unique online tool to identify Heartbleed bug affected websites (OpenPR) eScan, one of the leading Anti-Virus and Content Security Solution providers has launched an online tool to identify the latest vulnerability, Heartbleed bug which has been creating chaos in the cyber security landscape. This tool introduced by eScan can be used by IT users to check whether the website they are browsing is affected with the Heartbleed bug or not

New NIST Tool Streamlines Government App Vetting (Threatpost) Developers who produce apps intended for use on internal networks at government agencies are getting a vetting process of their own called AppVet

Technologies, Techniques, and Standards

Tech giants, chastened by Heartbleed, finally agree to fund OpenSSL (Ars Technica) IBM, Intel, Microsoft, Facebook, Google, and others pledge millions to open source

FedRAMP program office releases transition plan to new controls baseline (FierceGovIT) Private sector cloud providers with a FedRAMP provisional authorization making them eligible to sell services to federal agencies will have about a year to implement the new minimum set of security controls

Is CyberSec Framework Doomed to Fail? (infoRisk Today) Researcher Touts Market-Driven Approach as Alternative. A George Mason University research fellow says the cybersecurity framework, issued earlier this year by the National Institute of Standards and Technology, is likely to cause more problems than it solves

Dr. Larry Ponemon on How Security Survey Research Is Done (eSecurity Planet) Head of the Ponemon Institute details the process and the challenges of conducting modern security surveys

Verizon breach report makes case for behavioral analytics (CSO) Behavioral analytics technology defends against Web application attacks by flagging and stopping unusual user activity

PCI DSS — Why it fails (Naked Security) The Payment Card Industry Data Security Standard (PCI DSS) is a globally agreed standard of compliance for any company that accesses, stores or transmits cardholder data (CHD) and personally identifiable information (PII). I've written a contrasting article about the successes of the PCI DSS, but in this article I want to highlight five reasons I think it fails in its goal

PCI DSS - Why it works (Naked Security) The Payment Card Industry Data Security Standard (PCI DSS) is a document that sets the de facto standard of compliance for any company that accesses, stores or transmits cardholder data (CHD) and personally identifiable information (PII). The PCI DSS's founding members — American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. — sought to replace their individual data security compliance programs in favour of a globally agreed standard

Workplace Data Privacy Vs. Security: The New Balance (Dark Reading) Is it time to rethink the traditional lock-down approach to employee use of corporate networks at work?

Learning from others (Help Net Security) The old saying "one man's misfortune is another man's gain" is eminently applicable in the information security industry. When an organization becomes the victim of a security breach, its misfortune should be viewed as an opportunity for the rest of us to learn how to improve the security of our own systems

How to prevent RATs from taking over your Mac (ITProPortal) My partner and I have seven pet rats at home and I love every single one of them. But there is one kind of rat I am keen on keeping out of my home — and my computer — and that's a Remote Access Trojan. These nasty, malicious applications let attackers use your computer as if they were sitting right in front of it, giving them complete access to your files, your network, and your personal information

Fun with Passphrases! (Internet Storm Center) As systems administrators and security folks, we've all had our fill of our users and customers using simple passwords. Most operating systems these days now enforce some level of password complexity by default, with options to "beef up" the password requirements for passwords

Design and Innovation

Ultraprivate Smartphones (MIT Technology Review) New models built with security and privacy in mind reflect the Zeitgeist of the Snowden era

Researcher proposes alert tool for managing online privacy risks (Help Net Security) As more and more of our daily life happens online, the issue of online privacy should be of prime importance to each of us. Unfortunately, it's not

Designing a Prize for Usable Cryptography (Electronic Frontier Foundation) In an era when email and messaging services are being regularly subject to attacks, surveillance, and compelled disclosure of user data, we know that many people around the world need secure end-to-end encrypted communications tools so that service providers and governments cannot read their messages. Unfortunately, the software that has traditionally been used for these purposes, such as PGP and OTR, suffers from numerous usability problems that make it impractical for many of the journalists, activists and others around the world whose lives and liberty depend on their ability to communicate confidentially

Inside the 'DarkMarket' Prototype, a Silk Road the FBI Can Never Seize (Wired) The Silk Road, for all its clever uses of security protections like Tor and Bitcoin to protect the site's lucrative drug trade, still offered its enemies a single point of failure. When the FBI seized the server that hosted the market in October and arrested its alleged owner Ross Ulbricht, the billion-dollar drug bazaar came crashing down

Research and Development

Error-Free Quantum Computing Made Possible in New Experiment (IEEE Spectrum) For quantum computing to ever fulfill its promise, it will have to deal with errors. That's been a real problem until now, because although scientists have come up with error correction codes, the quantum machines available couldn't make use of them. But researchers report today that they've created a small quantum computing array that for the first time performs with enough accuracy to allow for error correction—paving the way toward practical machines that could outperform ordinary computers

Academia

Guidance Software to Sponsor the National Collegiate Cyber Defense Competition (Wall Street Journal) Guidance Software, Inc. (NASDAQ:GUID) announced today that it is sponsoring and participating in the National Collegiate Cyber Defense Competition (NCCDC). The three-day event, which is being held April 25-27 in San Antonio, Texas, provides a real-time educational venue where students can apply theoretical and practical skills that they've learned in the classroom to real-world cybersecurity scenarios. Students from 180 colleges and universities in ten regions competed at the qualifying and regional levels. The top team from each region will compete at this national competition

Legislation, Policy, and Regulation

Vision is needed at NETmundial (Center for Democracy and Technology) The Global Multistakeholder Meeting on the Future of Internet Governance, a.k.a. the NETmundial meeting, starts today in Sao Paulo, Brazil. The NETmundial meeting has two goals: 1) articulate a set of Internet governance principles, and 2) propose a roadmap for the future development of the Internet governance ecosystem. The meeting comes a short 7 months after Brazilian President Dilma Rousseff gave a scathing speech at the UN General Assembly on NSA surveillance in which she called for mechanisms that would reinforce key principles related to Internet governance and use

Net neutrality dead for good? FCC may endorse pay-for-play deals (Ars Technica) ISPs could charge for improved access as long as they don't block Web services

Litigation, Investigation, and Law Enforcement

Lloyds TSB bank clerks accused of installing hardware device to help them steal £2 million (Graham Cluley) Three Lloyds TSB employees have been accused of conspiring to steal over £2 million from bank accounts, after allegedly installing a hardware device to steal passwords from the banking group

Snowden 'plays' at being watchdog (The Tennessean) Edward Snowden missed a chance to earn redemption when he played into Vladimir Putin's press conference

Obama's NSA: Edward Snowden Is Not A Hero (Fits News) Let's get one thing straight. Edward Snowden is a hero

Saravá Collective protests against data surveillance (Saravá: por uma internet livre) We from Saravá Group are worried about arbitrary and reckless action of the Public Prosecutor's Office. The Office is requesting access to content we host

Aereo argues that ruling against it could hurt cloud storage business (IT World) The streaming video service argues it does not violate US copyright law by giving subscribers access to over-the-air TV

DOJ immigration office unable to access case databases (FierceGovIT) The Justice Department can't currently handle some of its immigration cases because of a hardware failure that's left the agency unable to access databases

Two Alleged Members of Anonymous Cambodia Arrested (Softpedia) A couple of 21-year-old students believed to be members of Anonymous Cambodia have been arrested. Local authorities collaborated with the FBI on the investigation

Maricopa Community Colleges Sued Over Data Breach (eSecurity Planet) The lawsuit claims that MCCCD 'failed to notify victims of the data breach in a reasonable or timely manner'

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

US News STEM Solutions: National Leadership Conference The STEM crisis in the United States demands solutions—and nowhere is the search more concentrated than at U.S. News STEM Solutions. Now in its third year, this premier national leadership conference is...

East Africa Banking and ICT Summit (Kampala, Uganda, April 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations,...

National Collegiate Defense Cyber Competition Registration for the 2014 CCDC season is underway! Visit your region's website or contact your regional for registration and competition information.

InfoSecIndy (Indianapolis, Indiana, USA, April 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.

United States Cyber Crime Conference 2014 This is the only event of its kind that provides both hands-on digital forensics training and an interactive forum for cyber professionals to network. The conference covers the full spectrum of topics...

Infosecurity Europe 2014 Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000...

Cyber COMSEC and IT Day at Fort Huachuca This one-day vendor expo is a unique opportunity to demonstrate your products and services to military and civilian personnel at Fort Huachuca. Exhibitors will have a casual atmosphere to share ideas,...

cybergamut Technical Tuesday: Malware Reverse Engineering (Columbia, Maryland, USA, May 6, 2014) An introduction to the tools, workflows, and tricks of the trade to attack sophisticated malware by Dale Robson of CyberPoint. Industry standard cyber security products do a good job in blocking and defending...

Kirtland AFB — Cyber Security Seminar & Information Technology Expo (Albuquerque, New Mexico, USA, May 7, 2014) Join FBC and the Armed Forces Communications & Electronics Association (AFCEA)-Albuquerque Chapter for the Cyber Security Seminar & Information Technology Expo set to take place at Kirtland Air Force Base.

US Secret Service Cybersecurity Awareness Day (Washington, DC, May 8, 2014) This Cybersecurity event will be the first of its kind at the USSS. There will be 2-3 opportunities for participating companies to present a 1/2 hour presentation on a Cybersecurity topic of concern to...

SANS Security West SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information...

HackMiami 2014 (Miami Beach, Florida, USA, May 9 - 11, 2014) The HackMiami 2014 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools,...

Eurocrypt 2014 Eurocrypt 2014 is the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. It is devoted to all aspects of cryptology.

ISPEC 2014 (Fujian, China, May 12 - 14, 2014) The ISPEC conference series is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and...

CyberWest (Phoenix, Arizona, USA, May 13 - 14, 2014) Cyber threats affect all industry sectors and impact individuals, businesses and governments. From hacktivists to advanced persistent threats, conducting business on-line exposes individuals, corporations...

GovSec 2014 (Washington, DC, USA, May 13 - 14, 2014) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of...

Cyber Security for National Defense Symposium DSI's Cyber Security for National Defense Symposium is designed as an educational and training "Town Hall" forum, where thought leaders and key policy-makers across military and civilian organizations...

FOSE Conference (Washington, DC, USA, May 13 - 15, 2014) Spend 1 day or 3 days at the FOSE conference and leave with actionable information, covering a broad spectrum of trending topics including: Cybersecurity, Cloud and Virtualization, Mobile Government,...

INFILTRATE INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot...

Security BSides Denver 2014 (Denver, Colorado, USA, May 16, 2014) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...

Security Start-up Speed Lunch NYC (New York, New York, USA, May 19, 2014) Our goal for this inaugural event is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare,...

CEIC 2014 (Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions...

The Device Developers' Conference: Bristol (Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

Positive Hack Days Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright...

Georgetown Law: Cybersecurity Law Institute A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels...

NSA Mobile Technology Forum (MTF) 2014 The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia,...

CyberMontgomery Forum: Center of Gravity (Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

The Device Developers' Conference: Cambridge (Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

Fort Meade Technology Expo The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...

CANSEC CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display.

Hack in The Box Security Conference (HITBSecConf) Amsterdam HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not...
