skip navigation

More signal. Less noise.

Daily briefing.

FUD raineth on the just and the unjust, as evidence of ISIS's tweeted morbid suspicions that it's been infiltrated by "crusaders" attests.

The Sony hack remains an object of intense interest. The loss and damage are considerable and still being assessed: some 40 gigabytes of sensitive information, Wired reports, has leaked to the Internet. Ars Technica publishes a brief overview of the attack's destructive "wiper" functionality. Attribution has, as is usual in such cases, moved into a slightly controversial phase. Sony denies re/code's report that the company was about to "officially" blame North Korea for the attack: Sony insists the incident remains under investigation. Other security experts cast doubt on the North Korean attribution, but consensus opinion still looks at Pyongyang.

The high-profile attack on Sony has also stoked investor interest in cyber security firms.

Asprox's criminal masters are aggressively recruiting machines into their botnet. They're using phishing emails asking the recipient to "confirm their order;" such appeals are particularly effective during holiday gift-giving.

Concerns about Android vulnerabilities resurface. Some of them involving pre-installed malware revive concerns about Chinese threats to the global IT supply chain.

Wired interviews "Darkside," billed as the world's biggest surviving online drug lord.

The US Department of Homeland Security expands cyber security student internship opportunities.

Foreign policy mavens assess China's cyber policy, and see preservation of the Communist Party as its principal objective.

The prospective US Defense Secretary, Ashton Carter, is expected to devote close attention to cyber security. He'll get help from Senator McCain.

Notes.

Today's issue includes events affecting Australia, China, European Union, India, Iran, New Zealand, Russia, United Kingdom, United States.

Dateline SINET Showcase

SINET Showcase and Workshops 2014 (SINET) Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase's objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation's critical infrastructure and command-and-control systems. SINET Workshops deliver critical knowledge, targeted perspective and opportunities for direct information sharing between entrepreneurs and security experts. Held in conjunction with IT Security Entrepreneurs Forum and Showcase, each workshop offers expert insight from industry and government officials, venture capitalists, leading researchers and successful entrepreneurs who share thought leadership, experience and "know how." There is no comparable opportunity to learn how to navigate the Federal Government sector, and to obtain the necessary financing, professional services and guidance needed to win

Security Innovation Network (SINET) Announces Its 2014 Top 16 Emerging Cybersecurity Companies (Yahoo! Finance) The Security Innovation Network™ (SINET), an organization focused on advancing Cybersecurity innovation through public-private collaboration, announced today the winners of its annual SINET 16 competition. The companies, which were selected from a pool of 180 applicants from around the world, represent a range of Cybersecurity solution providers who are identifying cutting-edge technologies to address Cybersecurity threats and vulnerabilities. The selected companies will share their work with buyers, builders, investors and researchers during the SINET Showcase on Dec. 3 — 4, 2014 at the National Press Club in Washington, DC

Iranian CLEAVER hacks through airport security, Cisco boxen (Register) Plausibly-deniable Iranians suspected of Stuxnet reprisal attacks

Iran attacking critical infrastructures-Cylance report (Control) December 2nd, the Cylance report on OpCleaver was made public. The report provides details about Iran's program to attack critical infrastructures. I have been concerned about Iran's capabilities and intents for several years and have blogged about it in the past. These include articles I have reviewed by an "Iranian engineer" on Stuxnet and Siemens safety systems, articles by Iranian professors on ICS cyber security methodology, and Iran translating Project Shine into Farsi

PFP Cybersecurity Selected as a 2014 SINET 16 Innovator (Sys-Con Media) Security startup recognized for its innovative solutions to address critical infrastructure and supply chain threats

ZeroFOX Announces Integration with OpenDNS (ZeroFOX) ZeroFOX is proud to announce its partnership with OpenDNS, integrating social media attack intelligence with OpenDNS's web filters. The integration allows mutual customers to leverage proactive threat intelligence with real-time enforcement. Together, OpenDNS and ZeroFOX give security teams the power to block social malware and phishing everywhere your employees work

OpenDNS reinforces cloud security with ties to Check Point, ZeroFOX, others (Network World) A new API opens the way for a dozen more partners over the next few months

Cyber Attacks, Threats, and Vulnerabilities

Paranoia could be the best weapon against the Islamic State (Washington Post) The worm of paranoia begins to eat into even the hardest adversary. An example is a Twitter post last week displaying an Islamic State leaflet offering a $5,000 reward for information about "crusaders' agents" in the ranks

Sony's IT blueprints leaked by hackers (CSO) More data hits the public internet, this time it's passwords and network details

Inside the "wiper" malware that brought Sony Pictures to its knees (Ars Technica) FBI memo and other analysis provide details of how the malware worked

Sony hacked: Cyber attack affected Microsoft systems only (Indian Express) Eight days after a massive cyber attack on Sony Pictures Entertainment, the Hollywood studio was still struggling to restore some systems on Tuesday evening as investigators combed for evidence to identify the culprit

Sony Pictures debunks Re/code's article stating North Korea was behind cyber-attack (New York Daily News) Sony Pictures told the Associated Press that Re/code's article on North Korea being the culprit of hacking Sony was inaccurate

Security experts doubt North Korea hacked into Sony (KLTV 7) Some cybersecurity experts say it is unlikely North Korea was behind the cyberattack that crippled Sony Pictures' computers and possibly leaked unreleased movies online

Sony Got Hacked Hard: What We Know and Don't Know So Far (Wired) Who knew that Sony's top brass, a line-up of mostly white male executives, earn $1 million and more a year? Or that the company spent half a million this year in severance costs to terminate employees? Now we all do, since about 40 gigabytes of sensitive company data from computers belonging to Sony Pictures Entertainment were stolen and posted online

Asprox Operators Have Started Recruiting for a Larger Botnet (Softpedia) Emails popping up in inboxes this time of the year and asking for confirmation of an order are far from raising suspicions, and this is exactly what the operators of the Asprox botnet count on in order to extend their network

Android 'DeathRing' malware being pre-loaded on cheap smartphones (TechWorld) For the second time in a year, Chinese-made Android smartphones have been discovered pre-flashed with malware, this time a Trojan security firm Lookout Mobile has ominously dubbed 'DeathRing'

Android Hacking and Security, Part 15: Hacking Android Apps Using Backup Techniques (Infosec Institute) In the previous article, we had an introduction on how to analyze Android application specific data using Android backup techniques. This article builds on the previous article. We are going to see how local data storage or basic checks that are performed on a local device can be exploited on a non rooted device using data backup techniques. This shows the significant risk associated with apps that are not so concerned about security

Escaping the Internet Explorer Sandbox: Analyzing CVE-2014-6349 (TrendLabs Security Intelligence Blog) Applications that have been frequently targeted by exploits frequently add sandboxes to their features in order to harden their defenses against these attacks. To carry out a successful exploit, an attacker will have to breach these sandboxes to run malicious code. As a result, researchers will pay particular attention to exploits that are able to escape sandboxes

Warning over fake Bitcoin Foundation sites scamming cryptocurrency users (ZDNet) Fraudsters are targeting Bitcoin users with phoney The Bitcoin Foundation websites and sending potential victims to a fake Bitcoin wallet designed to phish their credentials

Over 700 UK medical record security breaches reported in under a year (FierceContentManagement) One-fifth involved paper documents, files

An Interview With Darkside, Russia's Favorite Dark Web Drug Lord (Wired) Among the handful of black markets that have survived law enforcement's recent crackdown on the Dark Web, the drug selling site RAMP is different

After School Is The Latest Anonymous App Resulting In Student Cyberbullying And School Threats (TechCrunch) Meet After School, an anonymous Whisper-like app that hit the App Store in October 2014. And of course it's causing issues in countless schools like Yik Yak and Ask.fm did before it

Planes, Trains & Automobiles — Are You Safe From PoS Malware Anywhere? (TrendLabs Security Intelligence Blog) The celebration of Thanksgiving and Black Friday last week marks the start of the holiday shopping season for majority of the world. For most, this means vacations, family, friends, traveling, and of course, shopping. This is also the time for watching feel-good holiday movie reruns on television

Security Patches, Mitigations, and Software Updates

Twitter rolls out new anti-trolling tools, promises quicker abuse investigation (Naked Security) Twitter is making changes which should make it easier and quicker for users to report abuse or flag inappropriate content

New TLS/SSL Version Ready In 2015 (Dark Reading) One of the first steps in making encryption the norm across the Net is an update to the protocol itself and a set of best-practices for using encryption in applications

Cyber Trends

The Real Cost of Cyber Incidents, According To Insurers (Dark Reading) Healthcare is hit by the most malicious insiders and the highest legal costs, according to a NetDiligence report

New Research Shows Most Vulnerabilities Exploited in About a Week (Recorded Future) Recorded Future research published in "Week to Weak: The Weaponization of Cyber Vulnerabilities" identified the short window of time system administrators have before announced software vulnerabilities become a real threat to their operations. As noted in this research, it takes a little more than a week for an exploit leveraging a new CVE to be detected on the open web

Coffee Talk with Krebs: Nine Questions for Brian Krebs (Cyveillance Blog) Cyveillance Chief Scientist Caleb Queern recently spoke with Krebs about illegal online pharmacies, open source intelligence, the future of cybercrime, and more

Addressing Corporate Espionage in the 21st Century (Security Magazine) The 21st Century is often referred to as the information age; the developing global marketplace has contributed to the entrance of new cultures and economies into the competitive global economy. Due to globally available infrastructure and the development of global telecommunication/computing capabilities, it has enabled individuals, companies and countries to compete globally on a level playing field with traditional Western powers even from some of the most remote parts of the world. Unfortunately this has also created conditions in which the threat of corporate espionage has been rapidly proliferating due to the ease threat actors can ply their trade both through physical and virtual actions against U.S. corporations

Cyber Security's Big Data Problem (eSecurity Planet) Big Data has rendered older security models largely obsolete. The all-in-one product approach that once served the industry well is now inadequate

10 cyberthreats to watch in 2015 (Banking Exchange) Don't fight the last war. Booz Allen says third-party, wireless, alternative payments risks all to expand

Cyber Threats to Increase in Scope and Complexity in the New Year as Black Hat Hackers Become More Sophisticated, According to Fortinet 2015 Threat Predictions (Broadway World) As the 2015 New Year looms, Fortinet® (NASDAQ: FTNT), a global leader in high-performance network security, and its threat research division FortiGuard Labs, have taken a look ahead to determine the most significant cyber security threats of the upcoming New Year both from the perspective of a Black Hat hacker, as well as a Threat Intelligence solutions vendor. As the number of devices connected to the network increases, cyber criminals will continue to hone their prowess when it comes to IoT attacks and advanced evasion techniques, while also continuing to exploit large-scale server side vulnerabilities for financial gains and other nefarious purposes. Businesses and government organizations globally are at risk, as are consumers' important personal information

KnowBe4 Issues Alert: Social Engineering Threats Soaring (Virtual Strategy Magazine) KnowBe4 says "watch out" for cybercriminals looking to make some extra cash during scam season — it's a social engineering bonanza with threats on multiple fronts

U.S. Leads Way in PoS Malware Infections in Q3: Trend Micro (SecurityWeek) The United States is at the top of the list of countries with the most infections of point-of-sale (PoS) malware during the third quarter of the year, according to research from Trend Micro

Australians visiting more malicious sites: Trend Micro (ZDNet) Trend Micro's third-quarter security report for 2014 has found that Australia now ranks fifth in the world for countries with the highest number of visits to malicious sites

Trend Micro: Malware on the rise across NZ (Computerworld) Our findings confirm that we are battling rapidly moving cyber-criminals and evolving vulnerabilities simultaneously"

Marketplace

Making the business case for cybersecurity (Federal Times) Cybersecurity has been one of the fastest growing sectors in the federal government over recent years. It's a 24/7/365 job as threats are constant in an online world. In fact, the Government Accountability Office reported in June that "the number of cyber incidents reported by federal agencies increased in fiscal year 2013 significantly over the prior three years"

Hacked Sony Movies Highlight Opportunities for Buyers of Cyber Security Firms (Mergers & Acquisitions) Cyber security companies are becoming increasingly attractive to buyers in the wake of the attack on Sony, which has Internet users downloading millions of pirated copies of "Fury" and "Annie"

Seeking safe bets in cyber-security startups (The Age) The hackers appear to be winning. Each month, it seems, another company's records get compromised and another shadowy group amasses millions of private documents

CIT and MACH37™ Cyber Accelerator Hold 3rd Demo Day for Cyber Startups (Virtual Strategy Magazine) Twelve entrepreneurs of cybersecurity startups presented to investors, industry leaders

ThreatStream Grabs $22M To Help Fight Cybersecurity Threats (TechCrunch) ThreatStream, a cybersecurity firm based in Redwood City, CA, announced $22M in Series B funding today to continue their efforts to help organizations fight cybersecurity threats. Today's funding brings the company's total raised to-date to $26.3M

Trainee cyber-criminals wanted to help solve skills shortage (Phys.org) The world is already short of computer security experts, but by 2017 that shortfall is going to have reached about two million. Criminal hackers cause damage running to billions of pounds every year — just look at the attack on Sony Pictures, leaking unreleased films onto the web and threatening the company's entire system. If we don't do something about this skills gap soon, the costs we bear are going to keep spiralling upwards and we will be increasingly vulnerable to cyber attacks

Nuix Receives Sizable Order to Support Federal Law Enforcement (BusinessWire) Nuix, a technology company that enables people to make fact-based decisions from unstructured data, has signed an agreement to supply one of its federal law enforcement agency customers with Nuix Investigator Lab software. This premier digital forensic investigation and analytics technology will support law enforcement offices around the country

Products, Services, and Solutions

Facebook forges partnership with IT security vendor ESET (ZDNet) The goal of the alliance is to prevent malicious links from populating Facebook user News Feeds and Message

Elastica Unveils Security and Compliance Solution for Dropbox (MarketWired) Securlet™ Provides Comprehensive Visibility, Compliance, Data Governance, and Threat Protection for Dropbox for Business Accounts

Gemalto teams up with Chunghwa Telecom for its commercial launch of NFC services in Taiwan (Nasdaq) Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, has teamed up with Chunghwa Telecom, the largest operator in Taiwan with 10 million subscribers, to secure their mobile NFC services

South River Technologies Adds Enterprise File Sharing and Sync (EFSS) Capabilities to Cornerstone MFT (MarketWired) New EFSS capabilities added to leading managed file transfer platform

WidePoint Arm Approved to Issue DoD ID Verification Credentials (ExecutiveBiz) A WidePoint Corp. subsidiary has become the first vendor to receive an approval from the Defense Department to issue personal identity verification credentials for more than 40 million users with access to the agency's information systems

SentinelOne Broadens Endpoint Security Capabilities to Provide Continuous Cycle of Protection against Advanced Malware (BusinessWire) SentinelOne, the company that's redefining endpoint security, today announced the latest release of SentinelOne EDR (Endpoint Detection and Response), which expands its core execution inspection technology with cloud intelligence, application whitelisting, and real-time forensics. This broader security coverage enables SentinelOne EDR to provide a continuous cycle of protection against both known and zero-day attacks on Windows, Mac, and Android computing devices, including servers and embedded systems. These new capabilities build upon SentinelOne's existing predictive execution inspection engine which dynamically tracks each newly-created process on a machine to block malware, exploits, and zero-day attacks

IONU Security Delivers the Next Generation of Transparent Security™ and Integrated Multi-Vendor, Secure Cloud File Sharing Capabilities (Sys-Con Media) IONU Security Inc., the worldwide leader in Transparent Security™, today unveiled the next generation of its Transparent Security technology and the IONU Pro app, which adds secure and integrated, multi-vendor cloud file storage and sharing capabilities to IONU's industry-leading security applications

NCR Corp. (NYSE:NCR) Has Begun Offering TrustPipe For Business And Nektar Therapeutics (NASDAQ:NKTR) Submits A Biologics License Application (EMarkets Daily) NCR Corp. (NYSE:NCR) [Trend Analysis] released that its Telecom and Technology group has begun offering TrustPipe for Business, an innovative new security solution to help telecom clients and their SMB and enterprise customers protect critical desktop assets

BalaBit Adds New Security and Support Capabilities to Its Industry-Leading Log Management Tool syslog-ng Premium Edition (MarketWired) Latest syslog-ng Premium Edition addresses data privacy concerns, enhances interoperability, and extends server platform support

New software detects personal identifiers in email (Air Force Times) An updated software tool coming Friday will warn you if you include personally identifiable information in your Microsoft Outlook emails

Technologies, Techniques, and Standards

Stopping Zero-Day Attacks with Secure Configuration Management (TripWire: the State of Security) Zero-day (0day) vulnerabilities are one of the most serious cyber security threats confronting enterprises today

Fear of Mobile Device Evidence Collection? (Officer) In agencies that have shifted some digital evidence collection responsibilities from lab-based personnel to those in the field — investigators, patrol officers, or crime scene techs — the response has been mixed

Automating Incident data collection with Python (Internet Storm Center) ​One of my favorite Python modules is Impacket by the guys at Core Labs. Among other things it allows me to create Python scripts that can speak to Windows computers over SMB. I can use it to map network drives, kill processes on a remote machine and much more. During an incident having the ability to reach out to all the machines in your environment to list or kill processes is very useful. Python and Impacket make this very easy. Check it out

Improving your readiness for OCR audits (Help Net Security) In the wake of healthcare data breaches, OCR audits for HIPAA compliance have become more common — and the consequences have been more highly publicized. But many healthcare providers still don't know how to prepare effectively for an audit

Best practices in knowledge-based authentication (Help Net Security) Knowledge-based authentication (KBA) is a methodology gaining increasing recognition for providing the identity proofing part of user authentication

Design and Innovation

This Guy's Hacked Hearing Aids Let Him Listen to Wi-Fi Networks (Wired) Earlier this year, after a decade of slowly losing his hearing, Frank Swain found himself donning a pair of Starkey Halo hearing aids. The bluetooth-connected buds, which wirelessly stream audio from an iPhone, are some of the most technologically advanced on the market. It got Swain, a writer for New Scientist, thinking: Hearing aids have always been considered a band-aid to hearing loss, but what if they could be used for more than just bolstering the performance of failing ears? What if he could use them to hear things other humans were totally deaf to?

New Google API simplifies the reCAPTCHA experience (Security Affairs) Google has simplified the authentication process by introducing an updated CAPTCHA that simply asks users whether they are a bot

Research and Development

GCHQ boffins quantum-busted its OWN crypto primitive (Register) 'Soliloquy' only ever talked to itself

Academia

Homeland Security to Expand Student Volunteer Cybersecurity Initiative (FedTech) A growing need for U.S.-based cybersecurity experts has spurred federal agencies to bolster internship programs

Legislation, Policy, and Regulation

EU Security Strategy to focus on emerging threats (SC Magazine) The new EU Internal Security Strategy for 2015-2019 should be "easily adaptable to evolving situations" by focusing not only on existing but also on emerging security threats, says a resolution approved by the EU Civil Liberties Committee on Wednesday. Cyber-security is listed as one of the key concerns, along with interlinked topics including organised crime, money laundering, trafficking in human beings, foreign fighters, and corruption

China: A cyberwarring state (Washington Times) China's strategy of large-scale cyberattacks is motivated mainly by the goal of keeping the Chinese Communist Party (CCP) in power, in addition to gaining economic secrets and planning cyberattacks in a conflict, according to a new report by the Center for a New American Security

For China, Cybersecurity Is Part of Strategy for Protecting the Communist Party (New York Times) For nearly two years, cyberespionage has been a tense focal point of relations between the United States and China. On Wednesday, the Center for a New American Security, a research group in Washington, released a paper written with the aim of understanding the motivations behind China's cybersecurity strategy. Its conclusion: that the strategy, like China's foreign policy, is driven mainly by the domestic political imperative of needing to "protect the longevity of the Chinese Communist Party"

Experts call for all-inclusive security policy (Tribune) The imperative to address multi-dimensional security challenges India faces in the wake of ever-altering landscape and the need to evolve a national policy to meet the emerging threats was today underlined by eminent speakers at the first Roundtable organised by the Tribune National Security Forum in association with the Indian Council of World Affairs

Obama's pick to lead the Pentagon is big on cybersecurity (Washington Post) President Obama's pick to lead the Pentagon, former deputy secretary of defense Ashton "Ash" Carter, has been a big supporter of increasing the country's cybersecurity capabilities. His nomination signals that the administration is likely to continue to aggressively build out its ability to fight adversaries in the digital world

McCain Ready To Tackle Cyber Threats, Cost-Plus Contracts as SASC Chairman (DefenseNews) Sen. John McCain is 78 years old. But that doesn't mean cyberspace escapes him

Here's Why Cybersecurity Remains a Challenge for the Justice Department (Nextgov) The Justice Department's handling of cybersecurity remains one of its biggest management challenges, according to a recent memo to Attorney General Eric Holder from the agency's top watchdog

Banking Committee to examine financial cybersecurity (The Hill) The Senate Banking Committee next Wednesday will hold a hearing on cybersecurity in the financial sector

Push for Formation of a Combined NY and NJ Cyber Protection Team (Hudson Valley Press) U.S. Senators Kirsten Gillibrand (D-NY), Charles Schumer (D-NY), Robert Menendez (D-NJ), and Cory Booker (D-NJ) announced their support for the New York and New Jersey Army National Guards' formation of a combined Cyber Protection Team

Litigation, Investigation, and Law Enforcement

Dozens of Chinese Held in Kenya 'Cyber Bust' (SecurityWeek) Police in Kenya are holding 77 Chinese nationals accused of running a cyber crime network and mysterious ""command center" from upmarket houses in Nairobi, officials and reports said Thursday

How the world's powers are preparing to defend themselves against cybercrime (Telegraph) Learning how to counter the growing effectiveness of cyber warriors has become a pressing priority for the West — and they're seeking soldiers from Silicon Valley

IG: DOD has dropped the ball on IPv6 transition (Defense Systems) The Defense Department has fallen behind in its adoption of IPv6 and needs to make it a priority for reasons of cybersecurity and for supporting its plans for future operations, according to a report from the DOD Inspector General

Man jailed after posting ex's topless photos to her employer's Facebook page (Naked Security) A US man from Los Angeles who hid behind a pseudonym to post topless photos of his ex to her employer's Facebook page has been found guilty and jailed

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

B-Sides Vancouver (Vaqncouver, British Columbia, Canada, March 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between

Upcoming Events

Healthcare Cyber Security Summit 2014 (San Francisco, California, USA, December 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit

SINET 16 (Washington, DC, USA, December 3 - 4, 2014) Innovative solutions frequently come from new and emerging companies. Each year, SINET invites sixteen innovative Cybersecurity companies to present their technology solutions to a select audience of prominent...

SINET Showcase (, January 1, 1970) "Highlighting and Advancing Innovation." Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and...

Tax Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, December 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the...

International Conference for Internet Technology and Secured Transactions 2014 (London, England, UK, December 8 - 10, 2014) The ICITST is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology...

(ISC)² Security Congress EMEA (London, England, UK, December 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe...

ACSAC 30: Annual Computer Security Applications Conference (New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...

Cybersecurity 2015: Beyond the Breach (Washington, DC, USA, December 9, 2014) With each new cybersecurity attack businesses lose millions, governments lose information and citizens lose trust. At the end of a year where these attacks regularly dominated headlines, what's ahead for...

ICFPT 2014 (Shanghai, China, December 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.