skip navigation

More signal. Less noise.

Daily briefing.

ISIS insurgents (who appear to have Syria, Lebanon, and Jordan queued up for attention once they re-establish their simulacrum of a caliphate in Iraq) are finding social media a two-edged weapon: as cyber conflict rises in parallel with the fighting, parties unknown are tweeting sensitive information about ISIS plans and operations.

Anonymous announces another action against the energy sector: oil companies in Saudi Arabia, Qatar, and the United Arab Emirates are named as targets.

Apparent Russian government hacking of recent Ukrainian elections came close to achieving their complete disruption. The Christian Science Monitor reports that experts see the episode as an unhappy foreshadowing of future election problems worldwide.

As the HM Government announces broader cyber-sharing with British industry, it also says government networks have been breached by foreign cyber espionage operations. (The espionage is unattributed, but the UK and China have been at cyber loggerheads for some time. These tensions aside, the two countries are said to be working toward closer cyber law enforcement collaboration.)

Several stories on malware evolution offer further insight into how the Internet (and especially its shadier, black-market precincts) can give cyber criminals a supple and responsive R&D capability.

Microsoft discloses and fixes a vulnerability in its Malware Protection Engine. The bug could expose users of several Microsoft products to denial-of-service attacks.

Advances in mobile device technology pose forensic analysts new technical and legal challenges.

Dark Reading looks at the cyber insurance market and discerns a big problem: no "evidence-based method" to assess cyber risk profiles.

Notes.

Today's issue includes events affecting Australia, Canada, China, European Union, Finland, India, Iraq, Ireland, Jordan, Lebanon, NATO, Portugal, Qatar, Russia, Saudi Arabia, Syria, Taiwan, Ukraine, United Arab Emirates, United Kingdom, United States..

Cyber Attacks, Threats, and Vulnerabilities

Someone Is Spilling ISIS's Secrets on Twitter (Daily Beast) The terror group may be on a rampage in Iraq. But ISIS is being threatened from inside, it seems. And no one is sure who's behind the tweets disclosing the group's intimate detail

Hackers Warn Of Cyber Attacks On Oil Companies In Saudi, UAE, Qatar (Gulf Business) The threat has been issued by Anonymous, a politically motivated group of hacktivists, according to Symantec

Ukraine election narrowly avoided 'wanton destruction' from hackers (Christian Science Monitor) A brazen three-pronged cyber-attack against last month's Ukrainian presidential elections has set the world on notice — and bears Russian fingerprints, some say

State-sponsored hackers breached UK government network, claims minister (Graham Cluley) Those pesky state-sponsored hackers under the control of foreign governments have been up to their old tricks again

Next Media websites 'attacked' (Hong Kong Standard) Democratic Party legislator, James To, on Wednesday called on the police to conduct a thorough investigation into a cyber attack on the pro-democracy Next Media Group. The group's Apple Daily websites in Hong Kong and Taiwan have been under attack since 3:30am

Asprox Malware Borrowing Stealth from APT Campaigns (Threatpost) Cybercriminals and advanced attackers are freely borrowing from one another's repertoires to great success

Ramdo Click Fraud is Resurgent, with Ties to Kelihos Botnet (Infosecurity Magazine) Takedown-resistant click-fraud spike is expected to continue

Android Ransomware Uses TOR (TrendLabs Security Intelligence Blog) The recent introduction of ransomware in the mobile threat landscape was followed by a new development: the usage of TOR to hide C&C communication

Android Root Access Vulnerability Affecting Most Devices (Threatpost) A recently disclosed vulnerability in version 3.14.5 of the Linux kernel is also present in most versions of Android and could give attackers the ability to acquire root access on affected devices

Apple iOS and Android security worries the same, yet different (FierceMobileIT) Take your pick: Apple iOS or Android. Either one is a risky proposition, but they expose users to different security threats

Template Document Exploit Found in Several Targeted Attacks (TrendLabs Threat Blog) The use of contextually-relevant emails is one of the most common social engineering tactics employed in targeted attacks. Emails still being the primary mode of business communications are often abused to deliver exploits to penetrate a network that consequently lead to other stages of a targeted attack cycle

Microsoft Warns of Denial-of-Service Bug in Malware Protection Engine (Threatpost) Microsoft today released a security advisory alerting users of a serious vulnerability in the antimalware engine present in a number of security products, including Windows Defender, Forefront and others

Sality Malware (Infosec Institute) During the last Christmas season, a phishing email with an executable named as greetings . exe was broadly sent, and when the email was executed, an image named 'xmas' was drawn on the screen. This has captured the eyes of many security analysts, as the firewall and other prevention measures were disabled. Upon thorough investigation, it was concluded that it was a Trojan classified as Sality.AM, and many files were dropped in the %WINDIR%/TEMP directory

Cyber-Attacked AT&T Users Urged to Watch Out For Financial Fraud (States Chronicles) Last May we reported that giant online retail platform eBay got hacked into and lost personal data belonging to over 145 million users. The news stroke like lightning, as it was one of the biggest, most astute security breaches we came to stumble upon this year. However, in either eBay's or Spotify's cyber attack cases the users weren't robbed of their financial data or highly sensitive personal information

AT&T breach highlights problems of delayed notification, third-party security (FierceITSecurity) AT&T waited more than a month to notify customers that their social security numbers and other sensitive data were stolen by hackers

Stop sneaky hackers from launching DMA attacks (InfoWorld) Traveling to cyber spying hotbeds? Then beware of hackers compromising your system via DMA attacks

Spamvertised 'June invoice' themed emails lead to malware (Webroot Threat Blog) Cybercriminals continue spamvertising tens of thousands of malicious emails on their way to socially engineer gullible end users, ultimately increasing their botnet's infected population through the systematic and persistent rotation of popular brands

Hacker mines $620K in cryptocurrency under victims' noses (ComputerWorld) Hijacks network storage devices — and PCs — then puts them to work in the Dogecoin mines

SafetyFirst FTP server compromised exposing customer data (CSO) SafetyFirst is a driver training firm based in Parsippany, NJ. Today they made it known to customers in California that they suffered a data breach

Britain expected to face worst-ever cyber attack (Times of India) GoZeuS is designed to steal banking information from personal computers, while CryptoLocker encrypts user-created files such as business documents and photographs, only releasing them in return for a ransom of hundreds of pounds. The attack is expected on the night on June 17

DDoS attacks: Perfected by hacktivists, preferred by cybercriminals (FierceITSecurity) Once the primary tool of hacktivists bent on disrupting corporate and government websites, distributed denial of service attacks are today being embraced by cybercriminals bent on extortion and distracting firms to steal sensitive data. And not surprisingly, these types of attacks are on the rise

Security Patches, Mitigations, and Software Updates

Microsoft patches antimalware engine vulnerability (ZDNet) A denial of service bug in the engine's JavaScript interpreter could allow an attacker to turn off protection

Microsoft Security Advisory 2974294: Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service (Microsoft Security Tech Center) Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted

Microsoft Amps up Azure's Security Features (eSecurity Planet) Among the newest security features for Microsoft's Azure is the ability to authenticate users to software-as-a-service apps via Azure Active Directory

VMSA-2014-0006.2 updates OpenSSL libraries in VMWare (Internet Storm Center) An update was released today addressing the OpenSSL issues in VMWare products. Libraries have been updated to 0.9.8za and 1.0.1h to fix issues

Cyber Trends

Can digital forensics keep up with smartphone tech? (GCN) The explosive growth in both the use and capacity of smartphones has led to a sea change in digital forensics, creating technology challenges for the justice and law enforcement communities and raising legal questions that in some cases have gone to the Supreme Court

Return of digital privacy will hurt online marketing (Waterloo Record) A cybersecurity expert predicts major disruptions for digital advertising and marketing as people gain more privacy in their online communications and transactions

Employees take too many risks with Wi-Fi security (Help Net Security) UK employees are potentially putting their companies at risk of cyber-attack when using mobile devices for work purposes while on holiday or on a short break, new research has found

The Implications of "Endpoint Protection: Attitudes and Opinions" (Bromium) Bromium has just published the results of "Endpoint Protection: Attitudes and Opinions," a survey of more than 300 information security professionals, focused on end user threats and security. The majority of the respondents believe

Despite high-profile breaches, firms failing to address third-party risks (FierceITSecurity) Companies are failing to address third-party security risks, despite some recent high-profile breaches that resulted from poor security at third-party vendors, such as the Target breach that exposed 40 million credit and debit card numbers and other information

SMBs still use Windows XP and face security risks (Help Net Security) Almost one in five small and medium businesses worldwide are currently exposed to major security risks as they are still using Windows XP after Microsoft ended support for the operating system, according to Bitdefender

Could you maintain security in event of IT failure? (Help Net Security) A study investigating the priorities for the UK and Ireland's top banks and insurance companies has revealed low confidence in the ability to remain secure in the event of an IT collapse, according to Fujitsu. Only a third (35%) of the 176 organizations surveyed said they were "very confident" that security could be maintained in the event of an outage

Businesses ill-equipped to handle data-theft hackers (FierceCIO:TechWatch) Hackers broke into the online systems of Dominos in the countries of France and Belgium, and attempted to blackmail the pizza chain into parting with €30,000 to prevent the public disclosure of the stolen passwords and customer data

Canadian Study Finds Nearly 60 Percent of Organizations Believe They Can't Stop Data Theft (MarketWatch) New Ponemon Institute survey suggests key cybersecurity deficits, disconnects and low attack visibility

India Third-Most Affected by Online Banking Malware: Report (NDTV) The use of Internet has improved the overall banking services in India, but, it has also led to a heightened activity by cybercriminals making the country the third-most affected globally by online malware, a report by cyber-security firm Trend Micro said

Infographic: Banking customers blissfully unaware of rise in cyberattacks (FierceITSecurity) Close to half of banks have experienced a cybersecurity attack in the last year, yet only 5 percent of customers were aware of those attacks, according to a survey of 150 U.S. bank managers by CDW

The Smartification of the Home, Part 1 (TrendLabs Threat Blog) Over the past few years, there has been proliferation of intelligent connected devices introduced into homes across the globe. These devices can range from the familiar — such as tablets, smart phones, and smart TVs — to the less familiar, such as utility meters, locks, smoke and carbon monoxide detectors, motion detectors and scales

Marketplace

The Problem With Cyber Insurance (Dark Reading) Insurers have yet to develop an evidence-based method to assess a company's cyber risk profile. This has resulted in high premiums, low coverage, and broad exclusions

Security, data center vendors renew focus on stopping rising DDoS attacks (FierceITSecurity) Security and data center vendors are increasing their focus on preventing distributed denial of service attacks as those attacks proliferate, observes Jeff Wilson, principal analyst for security at Infonetics Research

Security Software Maker Cyber-Ark Plotting Possible 2014 U.S. IPO (Wall Street Journal) Company is seeking an initial, overall valuation of around $500 million to $1 billion

FINRA Reviews FireEye Trading Activity Ahead of Mandiant Acquisition (Wall Street Journal) The Financial Industry Regulatory Authority is reviewing trading in computer-security firm FireEye Inc. FEYE -0.34%'s shares ahead of its $1 billion January acquisition of Mandiant Corp., another cybersecurity company known for investigating high-profile data breaches

U.S. Navy's Superior Supplier Incentive Program Being Extended to All Services For Acquisition (SIGNAL) Pentagon ranks its top 30 Defense Department suppliers

There is no shortage of the skills to tackle e-crime, only of employers who train — but what skills do they want and who will deliver the training? (ComputerWeekly) I recently agreed to help e-Skills engage financial services employers in reviewing their cyber security skills programmes, not just to find the gaps but also those willing to help fill them. So far I have found some good news and some bad news

Ocean Bank Selects Easy Solutions to Provide Layered Fraud Intelligence (Broadway World) Easy Solutions, the Total Fraud Protection company, today announced that Ocean Bank, the largest independent state chartered bank in the state of Florida, has selected its suite of fraud protection solutions to ensure robust electronic security for its customers

Admiral Normal Hayes (ret.) Joins SBG Technology Solutions to Grow National Security and Intelligence Capabilities (MarketWatch) SBG Technology Solutions, one of the fastest growing and leading engineering and information technology service providers in the United States, is thrilled to welcome Rear Admiral Norman Hayes to our SBG cadre of experts. Admiral Hayes will spearhead all efforts on intelligence and cyber security and serve as a principal advisor to our customers

Jim Messina Joins Vectra Networks Board Of Directors (Broadway World) Jim Messina Joins Vectra Networks Board Of Directors Vectra Networks, the leader of real-time detection of cyberattacks in-progress, today announced that Jim Messina has joined its board of directors

Products, Services, and Solutions

Gear to Block 'Juice Jacking' on Your Mobile (Krebs on Security) Ever since I learned about the threat of "juice-jacking" — the possibility that plugging your mobile device into a random power charging station using a USB cord could jeopardize the data on that device — I've been more mindful about bringing a proper power-outlet charging adapter on my travels. But in the few cases when I forgot or misplaced the adapter, I've found myself falling back on one of two devices I'll review today that are both designed to block USB charging cords from transmitting data

MS Research publishes JS crypto code for devs (The Register) Microsoft Research has published an under-development JavaScript crypto library, for exposure to developers and researchers interested in cloud and browser security

ThreatTrack Security Rolls Out ThreatSecure (Dark Reading) Venture-backed cybersecurity firm introduces ThreatSecure, a disruptive threat detection and remediation technology, and announces plans to expand into Silicon Valley

Votiro Incorporates Spear Phishing Protection (Newsfactor Business Report) Votiro, the provider of Secure Data Sanitization solutions for protecting organizations against zero-day and other ongoing cyber-threats, announced today that it has extended the usability of its free, cloud-based, sanitization service to include protection against spear phishing and other email-based attacks

Facebook turns user tracking 'bug' into data mining 'feature' for advertisers (ZDNet) Facebook announced changes to its privacy and advertising policies on its company blog, extending Facebook's ability to track users outside of Facebook. This counters 2011's position that [we] "do not track users across the web"

Encryptics Core Encryption Engine Validated by NIST to meet FIPS Cryptography-Based Standards (Broadway World) Encryptics, a provider of patented data privacy and protection services for businesses and government, announced today that its core encryption engine has been validated by the National Institute of Standards and Technology (NIST) under the Federal Information Processing Standards (FIPS)

AhnLab Introduces Its Anti-APT Security Solutions at CommunicAsia 2014 (Wall Street Journal) AhnLab, Inc., a leading provider of information security products and services for enterprise, military and government organizations, and Synetcom Philippines, Inc., AhnLab's strategic business partner, introduced AhnLab MDS, multi-layered security solutions against today's advanced security threats at the CommunicAsia 2014 (Booth Number BB5-08, Basement Level), held on June 17-20, 2014 at Marina Bay Sands, Singapore

New ThalesRaytheon System Monitors Air-Traffic Radar for Signs of Hacking (Defense News) In response to the growing range of cyber attacks on critical infrastructure, Thales and Raytheon have launched a product that alerts customers to disruptive hacking of air-traffic radars

secunet introduces policy framework for eID PKIs (Biometric Update) German IT security solutions provider secunet announced at Security Document World 2014 that it will introduce a policy framework for public key infrastructures with regard to electronic identity documents

ForgeRock Forms Identity Relationship Management Partner Ecosystem (Insurance News Net) ForgeRock said that it has launched the ForgeRock One Technology Partnership Program with nine new members

Microsoft launches a service to help predict the future (ITWorld) The Azure Machine Learning service will streamline the task of predictive analysis, Microsoft asserts

WISeKey Aligns Its Unique CyberSecurity Solutions With Microsoft CityNext (MarketWatch) WISeKey announced today its participation in Microsoft CityNext, a global initiative empowering cities, businesses and citizens to re-imagine their futures and cultivate vibrant communities

Malwarebytes Anti-Exploit offers lightweight protection from new threats (FierceCIOTechWatch) Malwarebytes launched a new Anti-Exploit tool designed to protect Windows users from being hacked based on known or new exploits. The tool does its work by specifically protecting popular targets including Microsoft Office, Adobe software products and Java

Blue Coat Systems offers JIE advanced malware protection (C4ISRNet) As the Defense Department moves toward the centralized network approach of the Joint Information Environment — and the joint regional security stacks that will help keep it secure — one industry partner is providing a crucial layer of protection that will help secure DoD networks worldwide

Successful Launch of Webroot for Gamer at E3 (Webroot Threat Blog) Webroot, the market leader in cloud-based, real-time Internet threat detection, recently returned from the 18th annual Electronic Entertainment Expo, or E3 for short, hosted by the Entertainment Software Association

Technologies, Techniques, and Standards

Six ways to prevent a breach like the one at AT&T (CSO) Experts say there are many technologies available to keep business partners, employees and others away from data they should not see

TrueCrypt — a matter of assurance (Graham Cluley) Over a number of years, TrueCrypt gained a reputation and a sizeable following as a reliable and stable, tried and tested free full disk encryption solution

Error logging and tracking done right with Raygun.io (Troy Hunt) For some years now, one of the first things I've dropped into any new project has been ELMAH. Grab it from NuGet, provision yourself a SQL database table and watch magic happen as every unhandled error gets dumped into the DB and is reviewable via a handler which exposes the original stack trace amongst other info such as server variables and POST data. In theory, you also secure this. In practice, many people don't

Ransomware with a happy ending (Naked Security) Ransomware is certainly a hot topic these days. That's the sort of malware that locks up your computer, or scrambles your data, and demands a fee to get things back the way they were

7 Things Your Boss Needs to Know About Phishing (Cyveillance Blog) As an IT security professional, you spend your day protecting your organization and managing risk. You handle the day-to-day tasks that help keep the criminals out, like monitoring log files, updating antivirus software, managing firewalls, and responding to cyber security incidents. You deal with threat vectors like phishing every day, but can you explain to your boss (or your boss' boss) the seven things about phishing that he or she really needs to know?

Windows XP, slow to die :-( (Internet Storm Center) After traveling around the past few months in various countries it looks like getting rid of Windows XP is going to take quite a while. It is probably due to the fact that it has expired that I noticed it more than usual, but XP is certainly everywhere. You see it at airports on display boards, Point of Sale systems. In one overseas country the computers in customs as well as the railway displays and control systems and hospitals

Design and Innovation

Saving old software from extinction in the age of cloud computing (Ars Technica) Will cloud-dependent software leave anything behind for future historians?

Academia

Being a CISO at a higher education institution (Help Net Security) In this interview, Matt Santill, CISO of Broward College, talks about the requirements and peculiarities of his job, the technologies the college uses to make its network safe, and offers advice for CISOs working in other educational institutions

High-schoolers try college life in USF summer program (Tampa Tribune) She was missing an end-of-the-school-year party thrown by her friends at King High School, but their attempts to rub it in wouldn't rile Mallika Bhatta

The Next Big Thing You Missed: A Social Network That Could Truly Reform Our Schools (Wired) The federal government has spent 12 years trying to impose reform on primary and secondary schools from above, using things like financial incentives and standardized tests. Edmodo is working from the other direction, hoping to improve our schools from the bottom

Legislation, Policy, and Regulation

UK forges close cyber ties with China despite 'endemic espionage' (The Guardian) UK's National Crime Agency has met at least twice with Chinese authorities recently in efforts to battle cybercrime

U.S., NATO Exploring Collective Cyber Defense (USNI News) Top American and NATO military leaders could begin exploring the ramifications of an Article 5 response by the alliance to a cyber attack, according to a top Pentagon cyber official

Cybersecurity a key bilateral issue for White House, and not just with China (FCW) The Justice Department's indictment last month of five Chinese military officers for alleged cyber-espionage sent a shockwave through Sino-American relations, surprising some cybersecurity experts and leaving all to divine Washington's next move on the issue

Cyber agenda considers security impact of declassifying IP (Government Computing) The declassification of government-designed intellectual property for potential commercial use and assistance for small and medium-sized enterprises (SMEs) to mitigate security risks in providing public services will be among the key focuses at an information assurance event that concludes today

U.S. senators push ahead with cyber security legislation (Reuters via Business Insurance) The U.S. Senate Intelligence Committee is expected to consider a bill next week aimed at encouraging companies to exchange information on hacking attempts and cyber security threats with the government, senators said on Tuesday as they released a draft of the legislation

Senators: No 'watered down' NSA reform (The Hill) Three senators are doubling down on their call for a sweeping end to the National Security Agency's "dragnet surveillance"

Snowden Leaks Cost Nation's Cyber Security Efforts, Former NSA Official Says (Wall Street Journal) A former deputy National Security Agency director said intelligence secrets leaked by Edward Snowden last June derailed legislative attempts to encourage the public and private sectors to share information about vulnerabilities in cyberspace, and said the government must do more to encourage such collaboration

Silicon Valley Is Key to Limiting NSA Surveilance (East Bay Express) Pulitzer Prize winner Glenn Greenwald says tech giants have a role to play in lobbying to push for restrictions on the power of the National Security Agency

Agencies work to close mobile security, connectivity gaps (GCN) The right mix of technology and policies will help agencies strike a balance between government-issued and personal devices as they attempt to give a mobile workforce secure access to data from anywhere, anytime and any device

Texas Ethics Opinion Strips IT Professionals of CIO, CTO Titles (Law Technology News) The Texas State Bar's Professional Ethics Committee forbids non-lawyers to have titles with 'principal' or 'officer'

Litigation, Investigation, and Law Enforcement

Judge orders release of NSA surveillance court rulings (SFGate) A federal judge in Oakland, citing "intense public interest and concern" about government surveillance, has ordered the Obama administration to turn over secret court rulings about National Security Agency activities so she can decide whether to make them public

Last stand? Microsoft fights a U.S. warrant for the future of the cloud (InfoWorld) Microsoft and other tech giants are battling the U.S. government over the right to see email stored on foreign servers

Court: Terror suspect can't get NSA evidence gathered against him (Ars Technica) "The investigation did not violate FISA," writes appeals court

Judge allows US Marshals' seizure of stingray records, dimisses lawsuit (Ars Technica) What began as request for info on cell tracking records turns into surreal tale

Google hit with new EU complaint over alleged abusive app store behavior (FierceMobileIT) Portuguese app store firm Aptoide hit Google with a European Union (EU) complaint alleging abusive practices by the search giant

Is a Facebook death threat a true threat? Supreme Court to decide (Naked Security) In 2010, the wife of a US man from Pennsylvania, Anthony D. Elonis, took their two kids and left him

Nokia Paid Millions to Symbian Blackmailer After Bungled Cop Op (Infosecurity Magazine) Finnish firm was victim of extortion after encryption key found its way into the wrong hands, police admit

20-years-old Alleged "NullCrew" Hacker Arrested by the FBI (HackerNews) The FBI officers have arrested a 20-year-old Tennessee man and charged with federal computer hacking for allegedly conspiring to launch cyber attacks on five organizations in 2013, including two universities and three companies in the US and Canada, federal law enforcement officials announced today

ACLU Sues After Illinois Mayor Has Cops Raid Guy Parodying Him on Twitter (Wired) Countless parody Twitter accounts have been created over the years — British Petroleum, Mark Zuckerberg, the NSA, the Queen of England and even God

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Hacktivity 2014 (Budapest, Hungary, October 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in framework which is at the same time informal and informative, and sometimes...

2014 Spring National SBIR Conference (Washington, DC, USA, June 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs...

18th Annual Colloquium for Information Systems Security Education (, January 1, 1970) The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's...

MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, June 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on...

Suits and Spooks New York (, January 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...

SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.

26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...

Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...

AFCEA International Cyber Symposium (Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach.

AFCEA Information Technology Expo at Joint Base Lewis-McChord (JBLM) (, January 1, 1970) Federal Business Council, Inc. (FBC) and the Armed Forces Communications & Electronics Association (AFCEA) Pacific Northwest Chapter (PNC) will be partnering once again to co-host the 4th Annual Information...

United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, June 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information...

SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, July 10, 2014) Join us for a free 60 minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics...

2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...

SINET Innovation Summit (New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...

Security Startup Speed Lunch DC (Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.