skip navigation

More signal. Less noise.

Daily briefing.

Anonymous continues to deface Israeli military and intelligence service websites. Iranian hackers acting in professed sympathy with Gaza Palestinians attack an Israeli job-seeker site and expose 70,000 users' personal information. Der Spiegel reports that Israeli security services were monitoring US Secretary of State Kerry's communications during recent negotiations over the Gaza crisis.

Russian authorities may block access to BBC sites in retaliation for the British service's interviews of a Siberian autonomy activist.

G-Data sees the IcoScript RAT using email (including Yahoo and Gmail) for command-and-control.

McAfee researchers say an Android RAT masquerading as Kaspersky Mobile Services is prospecting Polish Android users.

Sandboxing and code emulation may be approaching the end of their useful lives as defenses against zero-days, claims a senior Juniper software architect — demo coming today at BSides Las Vegas.

CryptoWall continues to rake in the Bitcoins.

Malvertising worries rise. The "Magnitude" pop-up exploit kit's success on the black market shows that cybercriminals have learned a lesson or two from the arrest of Blackhole's Paunch — they've grown cagier and harder to finger.

Sophos runs a "honeybot" and tells what they learned about botnet formation.

Cisco, Evernote, and Synology fix some vulnerabilities.

Threatpost sees a silver lining in Snowden's leaks — a wave of innovation — as others see a dark cloud of damage — better terrorist cyber tradecraft.

Target's breach proves costlier than once thought. Kaspersky and Symantec deny they've been banned in China. Haystax buys NetCentrics. Verdasys rebrands as Digital Guardian.

China sternly warns Microsoft not to interfere with monopoly probes.

Notes.

Today's issue includes events affecting Australia, Canada, China, European Union, France, Germany, Hungary, India, Iran, Israel, Palestinian Territories, Poland, Russia, Switzerland, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Anonymous Continues Cyber-Attacks on Israeli Government Websites Knocking Mossad and IDF Offline (International Business Times) Anonymous continues to wage cyber-war on Israel in protest at its attack on Gaza knocking hundreds of government websites offline including those belonging to secret service Mossad and the Israel Defence Force (IDF)

#OpSaveGaza: Anonymous Iran hacks Israeli job site, leaks personal details of 70k users (HackRead) A group of Iranian hackers going with the handle of Islamic Cyber Resistance (ICRG), who call themselves Anonymous as well have claimed to breach an Israeli job website

Wiretapped: Israel Eavesdropped on John Kerry in Mideast Talks (Spiegel) New information indicates that Israeli intelligence eavesdropped on telephone conversations by US Secretary of State John Kerry. Sources told SPIEGEL the government then used the information obtained from the calls during negotiations in the Mideast conflict

Russia seeks to block BBC website over interview with activist (The Desk) Russian authorities say they are prepared to block the country's local version of the BBC News website after the agency published an interview with a social activist last month

IcoScript rat controlled via email services, including Yahoo and Gmail (Security Affairs) Experts at the German security firm G-Data discovered a RAT dubbed IcoScript which receives commands from C&C via email services including Yahoo and Gmail

Poweliks malware creates no files, lays low in the registry (Help Net Security) For most malware, performing their malicious task(s) is the primary goal, and a close second is to stay unnoticed on the system for as long as possible. As developers of security software constantly improve detection methods, malware creators are always trying to keep one step ahead of their efforts

Android RAT impersonates Kaspersky Mobile Security (Help Net Security) A clever malware delivery campaign impersonating well-known AV vendor Kaspersky Lab is actively targeting Polish Android users

How Malware Writers Cheat AV Zero-Day Detection (Dark Reading) A researcher reverse engineers AVG's code emulation engine after easily bypassing other major antivirus software products

CryptoWall ransom attacks net huge haul of Bitcoins from victims (Techworld) Stealthy malware still making easy money

PayPal's two-factor authentication is easily beaten, researcher says (IDG via CSO) A security feature offered by PayPal to help prevent accounts from being taken over by hackers can be easily circumvented, an Australian security researcher has found

DDoS Kits Become More Common, So DDoS Assaults Get Simpler, Says Trustwave (Spamfighter News) According to researchers from Trustwave a security company, cyber-criminals, these days, do not require creating their own malicious software for, ready-made toolkits are easily available for purchase with which they can execute DDoS assaults

Electric Mayhem — Linux and FreeBSD servers in easy reach (Cyactive) The Mayhem malware, uncovered In May-July 2014, specifically targets Linux and FreeBSD operating system servers, turning them into bots and enabling attackers access to hosted websites. Mayhem is estimated to have been active for the past six months and reuses code and methods from earlier malware

A Peek Into the Lion's Den — The Magnitude [aka PopAds] Exploit Kit (Trustwave Spider Labs: Anterior) Recently we managed to have an unusual peek into the content that is used on the servers of the prevalent exploit kit, Magnitude. In this blog post we'll review its most up-to-date administration panel and capabilities, as well as review some infection statistics provided by Magnitude over the course of several weeks

Invisible Web Infection Poses Threat to Federal Computer (Nextgov) A surge of malicious software hit news media websites during the first half of 2014, unleashing a threat to federal agencies that rely on those sites to get information, cybersecurity researchers say

How to send 5 million spam emails without even noticing (Naked Security) We write about bots, also known as zombies, fairly frequently on Naked Security. That's because they're the money-making machinery of modern cybercrime

Legal Threat Spam: Sometimes it Gets Personal (Internet Storm Center) Yesterday, I spotted the following tweet mentioning me

Vulnerability in Spotify Android App May Lead to Phishing (TrendLabs Security Intelligence Blog) We have discovered a vulnerability that affects versions of the Spotify app for Android older than 1.1.1. If exploited, the vulnerability can allow bad guys to control what is being displayed on the app interface. This vulnerability can be potentially abused by cybercriminals to launch phishing attacks that may result to information loss or theft

Call Center Phone Fraud for Fun and Profit at Black Hat (Threatpost) Reconnaissance in the context of targeted attacks usually involves scouring freely available online resources such as social media and developer forums. Personal information willfully posted to these sites are clues a hacker can use to build a profile on a target, map systems and network architecture, and craft phishing emails in order to steal user credentials

Nigerian 419 scams and 'Silver Spaniel' targets Aussie businesses (Australian Reseller News via CSO) Businesses need to be more aware of common malware campaigns such as 'Silver Spaniel' and Nigerian 419 scams, which are targeting Australian organisations, according to Palo Alto Networks

Bitdefender Reveals the Biggest Scams on Facebook (VPN Creative) While Facebook's research and popularity continues to increase at a staggering pace, the social network is becoming an attractive target for malware and scam adversaries, and social engineering attacks on Facebook users only increased massively since the last decade

State Department still probing system crash that's hindering ability to process passports, visas (FierceGovernmentIT) State Department officials are still investigating why a database responsible for processing passports and visas crashed, resulting in major performance issues since July 20

P.F. Chang's update says 33 restaurant locations affected (SC Magazine) P.F. Chang's China Bistro restaurant chain issued an update on its June security breach earlier today and stated that the the breach affected point-of-sale (POS) systems at 33 locations

Why I WOULD Eat at P.F. Chang's After their Data Breach (Trend Micro Simply Security) Recently FBI director James Comey told ABC News that there are two kinds of companies: those that have been hacked and know it, and those that have been hacked and don't know it. One company, P.F. Chang's, recently fell into the hacked category, and from our view, their handling is a text-book case in the right way of doing things

The World's Most Hackable Cars (Dark Reading) Researchers find 2014 models of Dodge Viper, Audi A8, Honda Accord are the least likely to be hit by hackers

Bulletin (SB14-216) Vulnerability Summary for the Week of July 28, 2014 (US CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Security Patches, Mitigations, and Software Updates

Cisco patches traffic snooping flaw in operating systems used by its networking gear (CSO) The vulnerability affects the OSPF routing protocol implementation on Cisco networking equipment

Evernote Patches Vulnerability in Android App (TrendLabs Security Intelligence Blog) We have previously discussed an Android vulnerability that may lead to user data being captured or used to launch attacks. We discovered that the popular Android app for Evernote contained the said vulnerability. We disclosed the details to Evernote, and they took action by issuing an update to the Android version of their app. Evernote has added additional controls to protect user data in Evernote for Android 5.8.5. Android users who are running versions below 5.8.5 should update to the latest version

SynoLocker Ransomware Affecting Synology DiskStation (Synology Inc. Online Community Forum) Hello Everyone. We'd like to provide a brief update regarding the recent ransomware called "SynoLocker," which is currently affecting certain Synology NAS servers

Cyber Trends

In the Wake of the Snowden Revelations, a Wave of Innovation (Threatpost) It was an absurd scene. Keith Alexander, the director of the NSA and a four-star general in the Army, stood alone on the stage, squinting through the floodlights as members of the standing-room-only crowd shouted insults and accusations. Armed men in dark suits roamed the area in front of the stage, eyeing the restless crowd. Nearby, a man sat with a carton of eggs at his feet, waiting for a chance to let fly

A Fight for Narratives in the Battle Against Extremism (Small Wars Journal) In a world where power is often interpreted as the ability to exert kinetic influence over one's enemies, it is important not to ignore a very different sort of battle space: the fight over perceptions and the struggle to influence ideas. In this arena, narratives can be every bit as powerful as physical force, but where physical force is often a tangible battle for territorial dominance; narratives are an intangible battle for legitimacy

Cloud Security Priorities and Synergies with Enterprise Security (NetworkWorld) CISOs must prioritize identity, data security, and security monitoring, and strive for a "single-pane-of-glass" across enterprise IT, SaaS, PaaS, and IaaS

Cybersecurity Needs Expanding Beyond Computers or Your Pocket and Into Your Home (Wall Street Journal) Mobile device security expert to lead forum on the risks of Internet-connected things during annual Black Hat Conference in Las Vegas

Tyranny Of The Beep: Taming The @#$! Sensors (InformationWeek) The Internet of Things could spark an explosion in senseless computing

Dude, How Secure Is My Connected Car? (eSecurity Planet) With connected cars becoming more common, experts say vehicle manufacturers should adopt security best practices used by mobile device makers

Connected vehicle cybersecurity: Opportunity and responsibility (The Hill) Last week, as leaders of the automobile industry gathered in Detroit to announce a new effort to protect our increasingly networked vehicles from future cyber attacks, President Barack Obama was calling for more investment in the development of connected car technologies that will save American lives and money

When It Comes to Technology, Humans Are Idiots (Tech News World) At the core of bad decisions, you can usually find one of three things: an excessive focus on finding someone to blame rather than doing causal analysis and focusing on the actual problem; an unwillingness to do the hard work to actually fix the problem; and a stronger need to appear right than actually to be right. Technology can help us become smarter, but it can't force us to act smart

Hackers 'constantly probing' federal computers: spy chief (CTV News) Malicious hackers are "constantly probing" federal computer systems so they can break in and steal coveted information, says the head of Canada's electronic spy agency

Cyber attacks on rise in India (Asian Age) There is an increase in aggressive cyber attacks against Indian organisations involved in environmental, economic and government policy, according to cyber security firm Kaspersky Lab

Cybercom Chief: Cyberspace operations key to future warfare (American Forces Press Service via North Texas e-News) In the cyber domain of 2025, the ability of military formations to operate offensively and defensively will be a core mission set, and commanders will maneuver the capability much as they maneuver ground forces today, the commander of U.S. Cyber Command said recently

Marketplace

Target: Expenses Related to Data Breach Higher Than First Thought (SecurityWeek) Minneapolis-based Target Corporation announced on Tuesday that its second quarter financial results are expected to include gross expenses of $148 million, partially offset by a $38 million insurance receivable, related to the December 2013 massive data breach that rocked the retail giant

Symantec, Kaspersky deny being banned in China (PC World) Symantec and Kaspersky Lab are both denying that China has banned their products, amid media reports that the country is shutting out foreign security vendors from selling to government agencies

BlackBerry completes restructuring process (IT News) Internal memo reveals company preparing for growth

Cyber-security, computing companies in acquisition deal (UPI) Cyber-security company Haystax Technology has acquired NetCentrics Corporation to provide next-generation security and analytics services

Security tech firm Verdasys rebrands as Digital Guardian while raising $20M (Venture Beat) Security tech firm Verdasys is rebranding itself as Digital Guardian under new chief executive Ken Levine. He's also in the midst of raising a $20 million round of funding

FireEye Stock Can Rebound as Global Threat of Cyber Crime Rises (The Street) If you own shares of enterprise security company FireEye (FEYE_) you've felt anything but secure this year. Since reaching a 52-week high of $97.35 in March, the stock has been down by as much as 73%, reaching a low of $25.58 on May 15

SRA Wins Prime Position on DHS EAGLE II Contract (MarketWatch) SRA International, Inc. , a leading provider of IT solutions and professional services to government organizations, today announced that the company was awarded one of several prime positions on the Department of Homeland Security's (DHS) Enterprise Acquisition Gateway for Leading Edge Solutions II (EAGLE II) program. SRA received an award on the Unrestricted Track for Functional Category 1. The cumulative value of all contracts in this multiple award procurement is established at $22 Billion

Healthcare CISO Association Launched (InfoRiskToday) New group designed to boost professional development

John Wilson Joins Qinetiq's Cyveillance Arm as EVP; Scott Kaine Comments (GovConWire) John Wilson, formerly executive vice president of global field operations at Qualys, has joined cyber intelligence provider and Qinetiq subsidiary Cyveillance as an EVP

Products, Services, and Solutions

Amazon's four tips to make sure your cloud is secure (Techworld) AWS makes four Trusted Advisor features free

New game sharpens secure coding skills (Help Net Security) Today at Black Hat, Checkmarx launched Game of Hacks, a challenging game for software developers and security professionals to test their application hacking skills, improve their code security know-how and facilitate better security practices in hope of reducing the amount of vulnerabilities in their applications

Major Manufacturing Company Expands GRC Program with Supply Chain Security Solutions from Modulo (PR Web) Modulo, a leading provider of technology governance, risk and compliance (GRC) solutions, today announced that a Fortune 500 manufacturing company has expanded its GRC program to include Modulo's new Supply Chain Security (SCS) solution

FireEye and Rapid7 Advance Security Incident Detection and Response Management With User-Behavior Intelligence (MarketWatch) Technology integration alerts enterprises of advanced attacks by correlating user-based indicators of compromise with industry-leading FireEye Dynamic Threat Intelligence

Kaspersky vs BitDefender Antivirus: Who Rules the Global Market (Mobile Web User) The competition of antivirus software in the market nowadays, is rapidly catching the eyes of end-users. Companies wanted to get all the users' attention, giving them an idea that the rapid increase of viruses and threats are harmful to their PCs. The increasing demands of computer security nowadays, is now one of the main components of improving the service to offer to their customers

Leak Lets You Send Anonymous Emails (TechCrunch) It's clear that anonymity, in one way or another, is going to be a part of our digital future. But the folks over at JustLeak.it have looked to the past for inspiration in this brave weird new world

Major OS upgrade for network security and UTM appliances (ProSecurityZone) CyberoamOS has undergone a major upgrade covering the company's NG firewalls and UTM appliances for greater security, simplicity and interoperability

Raytheon to Showcase Broad Cyber Product Portfolio at Black Hat 2014 (Wall Street Journal) Raytheon Company (NYSE: RTN) will demonstrate its wide breadth of cybersecurity products and latest research in booth #627 in the business hall at the Black Hat Conference taking place August 2-7 at the Mandalay Bay in Las Vegas. Black Hat attracts approximately 150 vendors and more than 7,500 of the world's most renowned security experts, executives and attendees. This is Raytheon's first year as an exhibitor and sponsor

Technologies, Techniques, and Standards

SP 800-53 A Rev.4 DRAFT Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans (National Institute of Standards and Technology) NIST announces the release of Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans (Initial Public Draft). SP 800-53A is a Joint Task Force publication and a companion guideline to SP 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations

11 signs you've been hacked — and how to fight back (ITWorld) Redirected Net searches, unexpected installs, rogue mouse pointers: Here's what to do when you've been 0wned

Synolocker: Why OFFLINE Backups are important (Internet Storm Center) One current threat causing a lot of sleepless nights to victims is "Cryptolocker" like malware. Various variations of this type of malware are still haunting small businesses and home users by encrypting files and asking for ransom to obtain the decryption key. Your best defense against this type of malware is a good backup. Shadow volume copies may help, but aren't always available and complete

How often should you conduct penetration testing? (ZDNet) In a rapidly shifting attack landscape against the backdrop of a hackers' black market worth billions, if you wait to pentest — you lose

Bits and bytes in intelligence: Umbrella from OpenDNS (SC Magazine) In our other First Look this month we talk about the soft side of cyber intelligence. Our review for that was Silobreaker. Now we turn to the hard side of the equation: the bits and bytes. This is the aspect that helps us determine if addresses and domains are hosting attacks, malware or phishing. As one might expect, gathering that type of information needs sensors and, to be effective, lots of sensors. There are three generic ways to access/place sensors

A dual approach to risk management and mitigation of cyber threats (FierceBigData) Risk management and mitigation of cyber threats are no different from any other risk exposure facing companies. Effective strategies must employ a dual approach: security and insurance. Neither one alone is adequate, but both are necessary and more likely to address the growing cyber threats in their many manifestations

Unexpected Ways to Lose Business Data (The Hartford: Small Biz Ahead) Even simple mistakes can put your business at risk

Is Third-Party Software Worth It? (Tripwire: State of Security) Several months ago, I was having a conversation with an engineer who was struggling with the various build system and legal hoops one has to deal with to include a third-party library

Android Dynamic Code Analysis — Mastering DroidBox (blog.dornea.nu) In this article I'll have a a closer look at DroidBox which provides a mobile sandbox to look at Android applications. In the previous post I've dealt with static code analysis. This time will start running our malicious application and look at the "noise" it generates

How to recognise the cyber insider threat (Computerworld) Losing business to a competitor because one of your trusted employees has walked out the door with sensitive information doesn't need to happen if you look for the signs and put controls in place, according to a panel of cyber security experts

Design and Innovation

BitBeat: Crypto Innovators Find Fertile Ground in Soft-Touch Switzerland (Wall Street Journal Money Beat) As U.S. and European Union banking regulators seek greater control over bitoin, they might want to watch what's happening in Switzerland

Research and Development

Oxford and Cambridge in the race to eliminate passwords (Naked Security) More novel approaches to authentication have been gaining media attention this week, each linked to major universities

Extracting audio from visual information (MIT News) Algorithm recovers speech from the vibrations of a potato-chip bag filmed through soundproof glass

NSF announces two new academic-based cybersecurity research grants (FierceGovernmentIT) The National Science Foundation recently announced funding for two teams of university researchers who will work on new approaches to enhance cybersecurity for information systems as well as provide education and training around the issue

The Best of Both Worlds (UC Santa Barbara Current) UC Santa Barbara cryptologists receive $500,000 from the NSF to study encryption algorithms that are both efficient and provably secure

Academia

AACC Cyber faculty one of 4,000 in world to earn Intrusion Certification (Eye on Annapolis) Marcelle Y. Lee recently became one of only 4,000 people in the world to earn a Global Information Assurance Certification (GCIA) as a Certified Intrusion Analyst. The instructional specialist at Anne Arundel Community College's CyberCenter, Lee plans to use that knowledge to enhance AACC's already advanced cyber training programs

Legislation, Policy, and Regulation

CSEC won't say how long it keeps Canadians' private data (Globe and Mail) The federal government's secretive electronic intelligence agency is not disclosing how long it can hold onto Canadians' communications — even though its leaders have said that "firm" time limits are in place to protect privacy

NSA leaker Thomas Drake says Oz security reforms are 'scary' (The Register) Australians urged to oppose NatSec laws before they silence whistleblowers

Information sharing in government — stop scaremongering and let it happen (ComputerWeekly) The Telegraph has reported that the government is considering implementing an information sharing system across Whitehall

Why Does the United States Have 17 Different Intelligence Agencies? (Nation) We have built over thirty building complexes for top-secret intelligence work since 2001 — and our security state just keeps growing

In supersecret cyberwar game, civilian-sector techies pummel active-duty cyberwarriors (Military Times) When the military's top cyberwarriors gathered last year inside a secretive compound at Fort Meade, Maryland, for a classified war game exercise, a team of active-duty troops faced off against several teams of reservists

Military services seeking innovative ways to attract highly skilled recruits (Washington Post) The military services are looking at innovative ways to change their personnel systems to boost the recruitment and retention of skilled people. The services are considering steps such as starting people at higher ranks and providing career paths that might include going in and out of the service

North Carolina National Guard: Preparing Cyber Warriors for state and nation (DVIDS) What do major online and storefront retail giants, federal and state government agencies and national banks/financial institutions have in common? They all have suffered malicious cyber attacks over the past several years. Cyber intrusions and attacks expose sensitive personal and business information and disrupt essential operations negatively affecting business and the economy

Litigation, Investigation, and Law Enforcement

China Warns Microsoft Against Obstructing Probe (Wall Street Journal) Chinese regulators on Monday publicly warned Microsoft Corp. against obstructing an antitrust investigation into the firm, in the latest sign that Beijing has turned frosty on the U.S. software maker. China's State Administration for Industry and Commerce said in a statement that Microsoft should avoid "interfering in or obstructing" the probe. The regulator also said it had questioned Microsoft Deputy General Counsel

Ron Paul Again Urges Clemency for Edward Snowden (NewsMax) Ron Paul is renewing his call for the Obama administration to grant clemency to National Security Agency spy-secrets leaker Edward Snowden — and to let him return home

As evidence mounts, it's getting harder to defend Edward Snowden (Volokh Conspiracy via the Washington Post) The evidence is mounting that Edward Snowden and his journalist allies have helped al Qaeda improve their security against NSA surveillance. In May, Recorded Future, a predictive analytics web intelligence firm, published a persuasive timeline showing that Snowden's revelations about NSA's capabilities were followed quickly by a burst of new, robust encryption tools from al-Qaeda and its affiliates

Visit the Wrong Website, and the FBI Could End Up in Your Computer (Wired) Security experts call it a "drive-by download": a hacker infiltrates a high-traffic website and then subverts it to deliver malware to every single visitor. It's one of the most powerful tools in the black hat arsenal, capable of delivering thousands of fresh victims into a hackers' clutches within minutes

Getting on Military Bases is about to Involve FBI Background Checks (Nextgov) Members of the defense community, starting this Friday, automatically will be screened against the FBI's criminal database when they try enter military installations and pulled aside if the system shows an arrest, felony or outstanding warrant

Wikipedia link to be hidden in Google under 'right to be forgotten' law (Guardian) Request for blocking of search results granted to anonymous applicant is first to affect an entry in the online encyclopaedia

Google defends child porn tip-offs to police (AFP via Yahoo! News) Google defended its policy of electronically monitoring its users' content for child sexual abuse after it tipped off police in Texas to a child pornography suspect

Apple faces class action suit for tracking users without consent (Naked Security) Apple's been hit with a class action suit [PDF] in the US for using the location service function on its iPhones to track customers without notice to, or consent from, customers when it comes to their whereabouts being tracked, recorded, sent to Apple, and potentially provided to third parties

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

InfoSec 2014 (Kuala Terengganu, Malaysia, October 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu,...

Upcoming Events

Black Hat USA 2014 (, January 1, 1970) Black Hat USA is the show that sets the benchmark for all other security conferences. As Black Hat returns for its 17th year to Las Vegas, we bring together the brightest in the world for six days of learning,...

SHARE in Pittsburgh (Pittsburgh, Pennsylvania, USA, August 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today. FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles. ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction...

STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour (Clarksville, Tennessee, USA, August 5, 2014) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, is coming to TK with its STOP. THINK. CONNECT.

4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, August 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August...

BSidesLV 2014 (Las Vegas, Nevada, USA, August 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in...

Passwords14 (Las Vegas, Nevada, USA, August 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges...

DEF CON 22 (Las Vegas, Nevada, USA, August 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.

South Africa Banking and ICT Summit (Lusaka, Zambia, August 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...

SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...

Resilience Week (Denver, Colorado, USA, August 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.

AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, August 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only...

c0c0n: International Information Security and Hacking Conference (, January 1, 1970) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community...

Build IT Break IT Fix IT: Build IT (Online, August 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

The Hackers Conference (New Delhi, India, August 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.