skip navigation

More signal. Less noise.

Daily briefing.

US Attorney General Holder says his Department is investigating the Target hack. Target describes how hackers got into its systems—stolen vendor credentials were involved. Krebs thinks a widespread backdoor in server software may also be implicated.

Social engineering of GoDaddy and PayPal appear responsible for one gentleman's loss of his famous, valuable, and much-coveted Twitter handle, "@N."

Kaspersky Labs discuss wipers, a malware genre noted for its motiveless malice and lack of rational criminal purpose.

The Register goggles at how much IKEA wants to know about customers' digital lives (more than GCHQ wants to know about HM enemies, el Reg suggests with typically endearing hyperbole).

The tension between security and trade in a globalized marketplace dominates industry news. The UK courts Brazilian tech firms (to bring jobs to Britain), and Israel works to attract investment and increase cyber exports. The US Defense Department's new procurement rules are intended to build security into acquisitions early, and suggest such measures as baselining and continuous monitoring.

But the most interesting story involves China's Lenovo, which, having added IBM's commodity server business to its portfolio, now pays Google $3B for Motorola. IBM bets on the cloud, Google on AI, Lenovo on enterprise mobility. Lenovo's acquisitions face close US regulatory scrutiny.

In what might be called "semi-active" defense, researchers debut "honey encryption"—spoofed data to gull attackers.

The US surveillance policy debate continues. Privacy advocates are somehow surprised President Obama didn't address compromised crypto in his State of the Union.

German intelligence services face surveillance litigation.

Notes.

Today's issue includes events affecting Brazil, Bulgaria, China, European Union, Germany, Ireland, Israel, Japan, Poland, Russia, Sweden, United Kingdom, United States..

Cyber Attacks, Threats, and Vulnerabilities

Target says attackers stole vendor credentials (ComputerWorld) Target said Wednesday that intruders accessed its systems by using credentials "stolen" from a vendor, one of the first details the retailer has revealed about how hackers got inside

Target hackers may have exploited backdoor in widely used server software (Ars Technica) KrebsonSecurity digs in to point-of-sale malware infecting retailer's network

DOJ's Holder says agency is investigating Target data breach (ComputerWorld) The U.S. Department of Justice is investigating the data breach at Target stores, which compromised as many as 110 million payment cards and personal records in one of the largest such attacks on record

DHS Report Researcher: Retailers at Risk (BankInfoSecurity) Retail data breaches are growing. ISight Partners' Tiffany Jones, a researcher who helped the Department of Homeland Security prepare its report about malware attacks, offers new insight into the latest cyber-attacks

PayPal and GoDaddy may have cost one man his '$50,000' Twitter account (The Verge) Naoki Hiroshima had owned a rare Twitter account for around seven years. It was one that someone allegedly wanted to purchase for $50,000. Despite numerous attempts by attackers to steal his @N handle over the years, Hiroshima had managed to prevent anyone from gaining access to the account. That was until just over a week ago. "While eating lunch on January 20th, 2014, I received a text message from PayPal for a one-time validation code," explains Hiroshima. "Somebody was trying to steal my PayPal account. I ignored it and continued eating." That was the first sign of what would become a painful experience

Social engineering attack on GoDaddy and PayPal to blame in Twitter hijacking (CSO Salted Hash) Leverage. That's what the criminal had when he contacted Naoki Hiroshima. Until recently, he had one of the highly prized single letter Twitter profiles; his was @N, but now it's @N_is_stolen. The details of his story are posted to his Medium account

NEUREVT Bot Analysis (Fortinet Security Research) Neurevt (also known as Beta Bot) is an HTTP bot 1 which entered the underground market around March 2013 and which is priced relatively cheaply 2. Though still in its testing phase, the bot already has a lot of functionalities along with an extendable and flexible infrastructure

Check Point Session Authentication Agent Vulnerability (Intelligent Exploit) Check Point Session Authentication agent is a service that is installed on endpoint system in order to communicate with security gateway and allow it to request and obtain user's credentials. Session Authentication is a part of Legacy Authentication suite which provides different authentication methods to allow or deny access to network resources

Some Malware Just Wants to Watch the World Burn (Kaspersky Lab Daily) To summarize Costin Raiu, the director of Kaspersky Lab's research arm, the vast majority of malicious files are what he calls crimeware — computer programs deployed by cybercriminals seeking to make a profit by stealing credentials, data, resources, or money directly. The second most prevalent category of malicious software is designed exclusively for cyber-espionage and is used by a variety of advanced threat actors — often with state, corporate, or other deep-pocketed benefactors. Then there is a third, much smaller category of purely destructive malware — sometimes called wipers

Code Execution Vulnerability Discovered MediaWiki Plaform (CSO Salted Hash) The popular Wiki platform suffers from a remote code execution vulnerability if uploads are supported for DjVu or PDF file types

Email Worm Varies Attack Messages (Industrial Safety and Security Source) An email worm called NetSky is sending out various kinds of malicious emails to the same address. One case in point is a malicious email supposedly came from PayPal, then one from USA Hosting and one from Symantec, said researchers at Kaspersky Lab

Using USB Modems to Phish and Send Malicious SMS Messages (Threatpost) Some USB modems can be leveraged to send malicious SMS messages and carry out spear-phishing attacks — sometimes in conjunction with each other — thanks to a cross site request forgery vulnerability present in the device's web interfaces

Does the Twitter Follower Scam Actually Work? (TrendLabs Security Intelligence Blog) We've seen "get Twitter followers" scams in the past, but a recent one stood out for a very good reason: it actually delivers what it promises—and then some

Many Android apps can track your location, access photos (Help Net Security) An alarming proportion of Android applications can find and open private photographs on smartphones, track users' locations, divulge e-mail addresses over the internet and leak address books and phone logs, according to an analysis of 836,021 Play Store Android applications

This tool demands access to YOUR ENTIRE DIGITAL LIFE. Is it from GCHQ? No — it's by IKEA (The Register) Order a flat-pack kitchen, surrender your HDD's contents

Nebraska Hospital Acknowledges Data Breach (eSecurity Planet) Employees' and job applicants' names, addresses, driver's license numbers and Social Security numbers were exposed

Revenge is a dish best served electronically: 12 cautionary tales (ITWorld) These scorned IT staffers had their vengeance on their former employers — but most got their comeuppance in the end

Security Patches, Mitigations, and Software Updates

RCS removes Selector Java vulnerability (Radio Today) RCS has taken steps to remove the last few remaining pieces of Java from its music scheduler, Selector 15, citing recently stated "zero-day vulnerability" security concerns

Wikipedia dodges critical vulnerability that could have let attackers take over (ComputerWorld) The possibility of Wikipedia being taken over by attackers was just foiled by quick action on the part of Wikimedia Foundation, the nonprofit that operates Wikipedia, with the help of Check Point, the security firm that discovered the critical security hole in its code

Cyber Trends

Data mining the future with security predictions (Help Net Security) It has become somewhat of a tradition for information security vendors to pull out their crystal balls at the end of each year and do their best to predict interesting developments and threats for the coming months. It is also becoming a tradition for the security community to greet those predictions with emotions ranging from skepticism to sarcasm but in doing so we may actually miss out on an opportunity to better anticipate developing risks. That said, we need to watch out for hidden agendas embedded in those predictions of course

Redefining Malware: When Old Terms Pose New Threats (SecurityWeek) Enterprises need to grasp that the very nature of malware has completely changed

Data products introduce ethical dilemmas for data scientists (TechTarget) Products built by data for data collection, more data vs. better models, and next-gen search engines: The Data Mill reports from the IACS symposium

3 reasons for the demise of patient privacy (FierceHealthIT) Several factors have contributed to the demise of patient privacy in recent years, according to software analyst and healthcare blogger Shahid Shah (a.k.a., The Health IT Guy)

Top Cloud Security Threats (Sys-Con) To say that cloud security for cloud computing is gaining traction would be the understatement of our era

Irish Data Protection Survey Shows More Awareness But Less Concern Over Privacy Issues (BH Consulting Security Watch) A new Data Protection Public Awareness Survey, conducted during May last year and published Monday, has discovered that Irish citizens are becoming increasingly aware of data protection and privacy issues but, perhaps, are not as concerned about them as they should be

Marketplace

UK government courts Brazilian technology companies (Computer Weekly) The British Consulate in S?o Paulo has launched a competition to take 10 Brazilian technology firms on a week-long programme focused on generating business in the UK

How COTS endangers national security (Federal Times) I have long said that if you look at all the disclosures of cyber attacks and breaches, you may not have an accurate view of the current state of this national security threat. Well, last year CNBC posted a piece titled "Cyberattacks: Why Companies Keep Quiet" that expressed the same concern

6 ways to build security into acquisition (Federal Times) A report released on Jan. 29 lays out six recommendations for incorporating security standards into the government's acquisition process, including one that would ensure agencies do business only with companies that meet baseline security standards

Pentagon, GSA map out acquisition cybersecurity; tester finds issues remain (Reuters via the Chicago Tribune) The U.S. Defense Department and General Services Administration on Wednesday mapped out six broad reforms to improve the cybersecurity of more than $500 billion in goods and services acquired by the U.S. federal government each year

'Internet of things' adds to cybersecurity challenge (Federal Times) Cybersecurity incidents are inevitable, so agencies must plan for them, according to White House cyber czar Michael Daniel, who is far from alone in that opinion

China's Secret "Doomsday" Weapon Has America Defenseless (WallStreetDaily via CountingPips) When it comes to the burgeoning Internet of Things (IoT) — whereby companies are equipping everyday objects with internet connectivity — security is an afterthought

Lenovo rolls the dice twice on US national security clearance for Motorola and IBM deals (Quartz) Lenovo's surprise deal to buy the Motorola smartphone business from Google is the Chinese firm's second high-profile acquisition of an American business, coming a few days after it agreed to take over IBM's low-end server unit. As for any purchase by a foreign company, Lenovo will need national security clearance from the US government for the deals to go ahead—and with China, internet infrastructure, and mobile phones involved, it's going to be a contentious process

Why Google just sold Motorola to Lenovo for $3 billion (Quartz) Well this is unexpected. Google is selling Motorola, the iconic handset maker it bought for $12.5 billion in May of 2012, to Chinese PC maker Lenovo for $2.91 billion. Google CEO Larry Page has penned a short note about the sale, but he doesn't get into details. Here's why the deal makes sense

Second Time's The Charm For Lenovo's Motorola Deal (TechCrunch) Lenovo's aspirations for an established mobile handset company goes back a few years. According to a report published by the WSJ, Lenovo competed with Google for Motorola Mobility in 2011. Then just last October Lenovo submitted an offer for BlackBerry. That deal also fell through. However, Lenovo's search ended last Thanksgiving when Google Chairman Eric Schmidt called Yang Yuanqing, Lenovo's

Lenovo's Motorola Mobility Buy Is Partly About The Chance To Own The Enterprise Mobile Market (TechCrunch) Lenovo's ThinkPad is the brand of choice when it comes to enterprise notebooks — Dell has a strong footing still, to be sure, but Lenovo dominated the PC market in 2013, followed by HP and then Dell. The acquisition of Motorola Mobility today gives them a chance to parlay that success in the traditional computing world into the booming enterprise hotspot of mobile tech

Google goes deeper into AI with DeepMind acquisition (FierceRetailIT) Google (NASDAQ: GOOG) is buying artificial intelligence company DeepMind for $400 million, snapping up a talent pool the company says will have practical uses in e-commerce

IBM Sells Its Business Machines: Takeaway Lessons (InformationWeek) You've seen IT silver bullets come and go before? Make no mistake: IBM truly expects data centers to move to the cloud

Will BlackBerry's comeback strategy work? (FierceMobileIT) The year 2013 was not a banner year for BlackBerry. After launching its much touted BlackBerry 10 smartphones at the beginning of the year, the Canadian mobility firm failed to get consumer traction with its all-touch Z10 smartphone

Israel's Cyber-Security Prowess Is Attracting Foreign Firms (Bloomberg) Israel's cyber-security industry has grown from a few dozen companies to more than 200 in just the past three years amid a flood of hacks targeted at the country. As Israeli Prime Minister Benjamin Netanyahu welcomes more outsiders to invest in or collaborate with the country's cyber-defense industry, a Big Four professional-services firm, Deloitte Touche Tohmatsu, is stepping up to the plate

IBM and Lockheed Martin Invest In Israeli Cyber Complex (SecurityWeek) Israel Prime Minister Benjamin Netanyahu and Ben-Gurion University of the Negev President Rivka Carmi this week announced the establishment of a national cyber complex in Beer-Sheva, called CyberSpark, Ben-Gurion University of the Negev said Tuesday

Read more: Hackers do the right thing at Cybertech event (The Times of Israel) 45 experts worm their way into a foreign server, using skills they may or may not have picked up in a questionable manner

Oracle's Ellison downplays threat of NSA database snooping (Reuters via the Chicago Tribune) Oracle Corp CEO Larry Ellison played down concerns on Wednesday about possible government snooping in his business customers' private data

Deb Alderson: Sotera Extends FBI Work with Sentinel Maintenance Task Order (ExecutiveBiz) Sotera Defense Solutions has been awarded a $60 million task order to help the FBI maintain its Sentinel information and case management program

Lou Von Thaer of Leidos on Cyber Trends, ISR Collaborations and His Bell Labs Origins (ExecutiveBiz) Lou Von Thaer started a new chapter of his three-decade GovCon career in June 2013 as president of a business once part of Science Applications International Corp. that eventually became Leidos' national security sector

Products, Services, and Solutions

Latest Enhancements Position MegaCryption as Best-In-Class Encryption Software for Big Data (PRWeb) Advanced Software Products Group's (ASPG) latest announced enhancements to MegaCryption simultaneously offer increased protection and increased ease of use to creators and consumers of Big Data. The enhancements include increased centralization of cryptographic key portability and interoperability, as well as increased support for both hashing and symmetric algorithms

ICE Unlock Hands-on: App Adds Fingerprint Security to Android (Tom's Guide via Yahoo! News) The iPhone 5s took fingerprint sensors mainstream on smartphones, but: the new ICE Unlock Android app lets users unlock their Android phones via the rear-facing camera

BeyondInsight Provides Collaborative Approach To IT Risk Management (Dark Reading) BeyondInsight provides a common dashboard interface for multiple BeyondTrust solutions

Bitglass Unveils Cloud and Mobile Security Solution That Respects Employee Privacy (Dark Reading) SaaS security solution secures corporate data on mobile devices and in cloud apps

Verizon Collaborating With PRIVO To Protect Children's Online Activities And Information (Dark Reading) Under pilot program, PRIVO will establish the Minors Trust Framework to provide parents more control and help businesses address COPPA requirements

Startup Confer Launches Cyberthreat Prevention Network (Dark Reading) New company Confer takes on endpoint security problem with sensors that feed into threat intelligence network

Juniper Firefly Perimeter: A virtual firewall based on SRX gateways (TechTarget) Based on the SRX security gateway series, Juniper Firefly Perimeter is a software-based security gateway for multi-tenant environments

Technologies, Techniques, and Standards

Screencast: OpenPuff hides encrypted data in plain sight (TechTarget) In this video, Keith Barker of online training provider CBT Nuggets demonstrates how to use OpenPuff steganography to hide sensitive information from prying eyes during transmission

The pros and cons of elliptic curve cryptography (TechTarget) Is elliptic curve cryptography more effective than RSA or Diffie-Hellman? Security expert Michael Cobb details the pros and cons of ECC

How to defend against a femtocell hack (TechTarget) The risk of a femtocell hack is a real enterprise concern. Nick Lewis explains why and explores how to defend against an attack

How App Developers Leave the Door Open to NSA Surveillance (MIT Technology Review) U.S. and U.K. surveillance of smartphone users has been helped by mobile developers—few of whom bother to adopt basic encryption

Safe surfing: Tips to protect your children on the internet. (Women's World) Most parents these days will remember the mantras of their childhood being 'stop, look, listen' and 'don't take sweets from strangers'. The outside world was somewhere to be weary of. Now, the outside world is right there on a screen in your home

The Wireless Registry wants to be the address book for the Internet of Things (FierceRetailIT) The Wireless Registry wants to create a global registry for wireless names and devices, making it easier to associate content to these names and provide meaning when they are detected

Four easy ways to protect your Mac from malware (Sophos Blogs) It's true that malware is less common on Macs than on Windows or Android. But that doesn't mean Macs are inherently more secure, or that Mac users should take their security for granted

Remote access control: Can you stop UIC-, DIC-armed hacker from attack? (TechTarget) Organizations can take steps to prevent hackers with UIC, DIC data from damaging their networks

Research and Development

"Honey Encryption" Will Bamboozle Attackers with Fake Secrets (MIT Technology Review) A new approach to encryption beats attackers by presenting them with fake data

Anthropology and Algorithms: On Reverse Engineering (Medium) The Atlantic welcomed 2014 with a major feature on web behemoth Netflix. If you didn't know, Netflix has developed a system for tagging movies and for assembling those tags into phrases that look like hyper-specific genre names: Visually-striking Foreign Nostalgic Dramas, Critically-acclaimed Emotional Underdog Movies, Romantic Chinese Crime Movies, and so on. The sometimes absurd specificity of these names (or "altgenres," as Netflix calls them) is one of the peculiar pleasures of the contemporary web, recalling the early days of website directories and Usenet newsgroups, when it seemed like the internet would be a grand hotel, providing a room for any conceivable niche

Academia

University of Cumbria in Bitcoin world first (The Westmorland Gazette) The University of Cumbria is believed to be the first public university in the world to accept virtual currency Bitcoin as payment for course fees

Northrop Grumman Awards STEM Education and Job Training Grants in Salt Lake City (MarketWatch) Northrop Grumman Corporation NOC +1.82% recently provided grants worth nearly $7,000 to support two science, technology, engineering and mathematics (STEM) educational initiatives and one job training program in Salt Lake City

Legislation, Policy, and Regulation

Obama Stays Silent on Reform of NSA's Crypto Subversion (Wired) President Barack Obama in his State of the Union on Tuesday failed to address needed surveillance reforms concerning NSA-introduced cryptography vulnerabilities. Privacy advocates and business interests were crossing their fingers that the chief executive would announce he was following the

OWASP Statement on the Security of the Internet (OWASP) The OWASP (Open Web Application Security Project, www.owasp.org) community cares deeply about how much people can trust commonly used Internet services and the applications that provide and use these services. The reports about large-scale intelligence activities targeting Internet communication and applications and possible attempts to undermine cryptographic algorithms leave us deeply concerned. We knew about the interception of targeted individuals and other monitoring activities, however, the scale of recently reported activities and the possibility of active undermining of the security of deployed applications are alarming

Remarks as delivered by James R. Clapper, Director of National Intelligence at the Worldwide Threat Assessment Hearing of the Senate Select Committee on Intelligence (IC on the Record) Madam Chairman, Vice Chairman, panelists and distinguished members of the committee, my colleagues and I here today present the intelligence community's worldwide threat assessment as we do every year. I'll cover five topics in about eight minutes on behalf of all of us

Draft EU data protection laws would lighten enterprise wallets (TechTarget) The updated EU General Data Protection Regulation raises breach penalties for enterprises operating in the EU. Attorney Francois Gilbert explains

Hackers hold the European parliament to account (The Guardian) United by 'hackers' spirit', participants at a Brussels hackathon bring the actions of MEPs under scrutiny for the first time

Startups get two year delay on government eavesdropping disclosures (FierceBigData) It's no secret that U.S. Internet giants and technology companies are catching a lot of heat about their role, voluntary or not, in government eavesdropping. Therefore no one blames Google, Facebook, Yahoo and Microsoft for striking a deal with the Obama administration to disclose government data requests to the public. However, startups are not getting quite the same deal, which makes one wonder why

Israel to Create Cyber Attack Emergency-Response Team (Mashable) As part of Israel's program to deal with rising cyber threats, the government is putting together a task force to help citizens and businesses cope. The country's National Cyber Bureau plans to establish cyber-emergency response teams this year that will specialize in handling different kinds of hacks, said Rami Efrati, the head of the bureau's civilian division

GAO: Protect next-gen 911 from cyberattack (FCW) The Government Accountability Office wants the Department of Homeland Security to work with the departments of Commerce, Justice, and Transportation and the Federal Communications Commission to ensure next-generation, IP-based 911 emergency response systems are not vulnerable to cyberattack

Lawmakers to introduce bills to bolster cyber security, innovation industry in Maryland (ABC2 News) House Speaker Michael Busch and Senate President Mike Miller said they've worked about a year, and today the brains behind our universities joined them in Annapolis, to announce a plan on how to grow Maryland business and keep them here

Litigation, Investigation, and Law Enforcement

Huge swath of GCHQ mass surveillance is illegal, says top lawyer (The Guardian) GCHQ's mass surveillance spying programmes are probably illegal and have been signed off by ministers in breach of human rights and surveillance laws, according to a hard-hitting legal opinion that has been provided to MPs

German government faces legal action over NSA spying (PC World) The German government and the German Federal Intelligence Service are facing legal action because they allegedly aided the U.S. National Security Agency (NSA) data collection program

DNI Clapper Endorses Expedited Supreme Court Ruling on NSA Surveillance (Defense News) Under questioning from a hard-nosed senator, America's top intelligence official on Wednesday endorsed an expedited Supreme Court ruling on controversial NSA spying programs

Intelligence Chief: Snowden and 'Accomplices' Should Return 'Stolen' NSA Documents (Mashable) The head of the U.S. intelligence community publicly asked Edward Snowden and "his accomplices" to return the documents he has "stolen" from the NSA

No, Edward Snowden Doesn't Deserve The Nobel Peace Prize (Forbes) Once again, Edward Snowden has been nominated for the Nobel Peace Prize. Bloomberg reports that "Norwegian parliamentarians Snorre Valen and Baard Vegar Solhjell nominated Snowden for the award — the same honor Obama himself

Snow Job (Politico) It's time to blow the whistle on Edward Snowden

News of the World phone hacker was refused full immunity by CPS, jury told (The Guardian) Prosecutors believed Dan Evans might be 'vulnerable' to allegations he was making up evidence, Old Bailey hears

Terrorism suspect challenges warrantless surveillance (Washington Post) A Colorado man facing terrorism charges became the first criminal defendant to challenge the constitutionality of the National Security Agency's warrantless surveillance program

No known threats, but Super Bowl transit security ramped up (Newsday) Law enforcement officials are beefing up Super Bowl security measures for the mass transit system after suicide bombings in Russia in the weeks before the Sochi Olympics, though there are no known terrorism threats against Sunday's big game.

SpyEye bank Trojan creator Aleksandr Panin faces 30 years in jail (ComputerWorld) The Russian man who created the SpyEye Trojan used to attack countless millions of online bank accounts has pleaded guilty to conspiracy charges in an Atlanta court room

SpyEye Creator Got 'Sloppy,' Then Got Nabbed (Dark Reading) Russian national behind the infamous crimeware kit pleads guilty to conspiracy to commit wire and bank fraud in his role as primary developer and distributor of SpyEye

Payment Card Fraud Ring Busted in Poland (eSecurity Planet) Five Bulgarian citizens are accused of using stolen financial data to create counterfeit payment cards and make illegal electronic transactions

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Free OWASP Training and Meet Up (San Francisco, California, USA, February 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn...

Cloud Expo Europe (, January 1, 1970) Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex...

Veritas 2014 (, January 1, 1970) At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the...

Cybertech — Cyber Security Conference and Exhibition (Tel Aviv, Israel, January 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber...

U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees...

2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, January 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations.

Cyber Training Forum at NGA (Springfield, Virginia, USA, February 4, 2014) The 2014 Cyber Security Training Forum (CSTF) will take place at the NGA East Campus in Springfield, VA. This event is designed to provide education and training to the NGA Workforce, the Intelligence...

U.S. Department of Commerce Technology Expo (, January 1, 1970) Department of Commerce is interested in hearing from you! The OCIO Office is specifically looking for speakers on Vulnerability Management and Implementation of Continuous Monitoring. Please contact...

Cyber Security 2014 (, January 1, 1970) The threats and the opportunities conference brings together over 150 business leaders, senior decision makers, business development managers and IT professionals from across the whole defence and security...

Security Analyst Summit 2014 (Punta Cana, Dominican Republic, February 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community.

FBI HQ Cloud Computing Vendor Day (, January 1, 1970) As part of its FAR mandated market research efforts and in order to keep FBI employees informed of new products, technologies and services available in the industry, ITED has been tasked with organizing...

New FFIEC Guidelines on Social Media: 3 Things You Need to Know (, January 1, 1970) We'll take an in-depth look at the new Federal Financial Institutions Examination Council (FFIEC) guidelines on social media and consumer compliance risk, and how they may impact your organization. We'll...

RSA Conference USA (San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each...

Nellis AFB Technology & Cyber Security Expo (, January 1, 1970) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case...

Trustworthy Technology Conference (, January 1, 1970) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens...

Creech AFB Technology & Cyber Security Expo (, January 1, 1970) The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.