skip navigation

More signal. Less noise.

Daily briefing.

The Syrian Electronic Army succeeded in redirecting Reuters traffic to one of its own sites. The SEA accomplished this through an indirect approach, compromising Taboola's recommended content widget embedded in Reuters' pages. Taboola confirms the compromise, but offers no comment so far on the SEA's claim to have also accessed Taboola's PayPal account.

The incident highlights, again, the risk of attacks via third-party vendors and partners. Target, one recalls, was compromised via an HVAC contractor, and other reports warn that advertising agencies have become attractive targets of espionage services looking for the agencies' clients' intellectual property.

Not much news on last week's threatened OpPetrol (which suggests an Anonymous hacktivist fizzle). The Scotsman, however, warns of the economic consequences of attacks on offshore oil production. Vietnam's Ministry of Natural Resources and Environment (MONRE) has sustained a targeted cyber espionage campaign. Since Vietnam is one of the countries embroiled with China in territorial disputes over resource rights in the South China Sea, a short list of suspects is relatively easily developed.

The Code Spaces post mortem continues. Remember that it wasn't denial-of-service that killed the business: DDoS was the extortion threat; compromised logins and data destruction were the kill shot.

The US hedge fund that was recently attacked remains unidentified, but the attackers' motives are growing clearer: theft of traders' tools to enable front-running trades.

US tech firms continue to face NSA-related headwinds in international markets. Anonymity-promising services like ProtonMail draw many ready customers.

The Breakthrough Prize Foundation awards five mathematicians $15M.

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, China, Germany, Israel, New Zealand, Norway, Russia, Syria, United Kingdom, United States, and Vietnam..

Cyber Attacks, Threats, and Vulnerabilities

Reuters website 'hacked' by the Syrian Electronic Army (Hot for Security) The notorious Syrian Electronic Army (SEA) has claimed the scalp of another high profile media organisation, redirecting internet users visiting articles on the Reuters website to one under the control of the attackers

Taboola confirms security breach, and has its PayPal account pwned (Graham Cluley) This weekend, visitors to news articles on the Reuters website found themselves redirected to a page belonging to the Syrian Electronic Army hacking group. As I wrote at the time, rather than this being a straightforward hack of Reuters' servers, suspicion pointed in the direction of the Taboola recommended content widget that Reuters had embedded on its site

Syrian hacktivists find new way to target Reuters (ComputerWeekly) The Syrian Electronic Army (SEA) has found a new way of targeting the Reuters news agency, highlighting the need for greater supply chain and partner security

Cyber attack on oil firms 'could cost billions' (The Scotsman) A cyber attack on the offshore industry could cost oil and gas firms billions of pounds in lost revenue, an expert warned today

Targeted attack against Vietnamese government: right on the MONRE (We Live Security) ESET researchers recently came across a targeted attack against the Vietnamese government's Ministry of Natural Resources and Environment (MONRE). In this report, we will look at how the attackers targeted Vietnamese government employees, the behavior of the malware on MONRE's systems, and how the attackers attempted to exfiltrate data

Over 350,000 participate in HK democracy 'referendum' despite massive cyber attack on site (Shanghaiist) The unofficial referendum on universal suffrage in Hong Kong has incited a global cyber war. Even before voting began yesterday morning, the website has faced attacks four times greater than anything they'd previously experienced — apparently the second greatest cyber attack the world has ever seen at 300 Gbps

Cyber attack claims 'groundless': Holden Chow (Hong Kong Standard) The chairman of the Young DAB, Holden Chow Ho-ting, says claims that Beijing orchestrated major cyber attacks ahead of Occupy Central's vote on political reform are groundless

Move receives ransom demand to stop cyber attack (HousingWire) Strategic DDoS attack clogs website

Internet firm goes out of business after DDoS extortion attack (We live Security) In the last few weeks there have been numerous stories of online criminals launching attacks against businesses with the aim of extorting money from their victims

How a hacker destroyed a promising cloud service with a few clicks of the mouse (FierceCIOTechWatch) A code-hosting and software collaboration platform was put out of business by an attacker who deleted a significant portion of the company's online data and backups. Ironically, Code Spaces offered a code-hosting service that boasted of the ability to protect customer data from catastrophic events with a proven "full recovery plan"

Cyber Attack Forces Code Spaces out of Business — A Wake-Up Call for the Boardroom, Says IT Governance (EIN News) An organisation's cyber resilience is the critical survival factor as the severity and frequency of attacks increase

DDoS + Breach = End of Business (GovInfoSecurity) A distributed-denial-of-service attack and subsequent data breach that led to the shuttering of source code hosting firm Code Spaces offers an eye-opening reminder: Beware of DDoS attacks used as a diversionary tactic to draw attention away from devastating hacking

How to avoid having your cloud-hosted business destroyed by hackers (CSO) Experts outline steps to avoid a fate like Code Spaces

This Video Shows A Day In The Life Of DDOS Cyber Attacks (TechCrunch) Update: This is a video that's been shared throughout the Internet purporting to show a concerted DDOS attack coming mainly from China and concentrated on United States internet servers on the day that Facebook's service was down for many users worldwide. We've looked into this further, however, and it turns out this attack bore no relation to Facebook's outage on Thursday

The Spy in the Ad Agency (Epoch Times) How the Chinese regime uses ad agencies to steal proprietary information

Are your third-party vendors leaving the door open to hackers? (Help Net Security) By now, every security professional in the world should know the story about Fazio Mechanical Services. The Pennsylvania-based company specializes in heating, air conditioning and refrigeration services, and numerous large companies, including Target, trusted Fazio for its HVAC expertise. Fazio's level of security expertise, however, was another matter. Its reliance on a free version of a malware detection tool, plus its access to Target's external billing system and online project management portals, plus a savvy attacker added up in 2013 to the fourth largest data breach of all time

Hackers steal trade secrets from major US hedge firm (The Register) Trades delayed as multi-million dollar secret sauce snaffled

Why hedge funds are under attack by cyber-criminals (CNBC) US hedge funds have been under stealthy attacks from cyber-criminals intent on intercepting trading strategies in order to profit from front-running and other illicit maneuvers

"Free" Wi-Fi from Xfinity and AT&T also frees you to be hacked (Ars Technica) Ars tests how easy it is to spoof big broadband providers to grab data

Darkness Still Lurks (Fortinet Blog) Darkness, a.k.a. Optima, is a bot that majors in performing distributed denial-of-service (DDoS) attacks. This botnet is an old one that has been in the Russian cybercrime underground market for a long time. Since 2013, there has been no new update and so most variants are down. According to our botnet monitoring system's continued tracking, there is still one variant that has been active for almost one year. During this period, this DDoS bot has performed several attacks

Context Uncovers Primitive Tactics within Modern Malware (Spamfighter) Context Information Security, which conducted one fresh research, found that a malware family known as a "most advanced global cyber-espionage operations to date" was utilizing virus tactics of the old school

Public Wi-Fi a threat to corporate networks: BAE Systems (ARN) Employees risk corporate networks when connecting to public Wi-Fi on their own devices

'Yo' app hacked by college students, hires one of the hackers (Naked Security) Yo is crazy simple: you just message "Yo" to a contact

LinkedIn Responds to Criticism of its SSL Implementation (SecurityWeek) LinkedIn said that a majority of its users are not affected by the SSL issue reported by security company Zimperium

Metropolitan Companies Inc suffer data breach (CSO) Another day, another breach

British Gas Help Twitter account hacked, customers pointed towards phishing sites (Graham Cluley) It appears that British Gas's support team suffered a social media hack earlier today, which saw their Twitter account compromised by online criminals

Medtronic says was victim of cyber attack, lost patient records (Reuters) Medtronic Inc (MDT.N), the world's largest stand-alone medical device maker, was the victim of a cyber attack and lost some patient records in separate incidents last year, it said in a regulatory filing on Friday

Who's Behind Russia's "WikiLeaks"? (TechPresident) Representatives of a "mysterious Russian hacker collective" known as "Anonymous International" or "Shaltay Boltay" (Humpty-Dumpty) have denied being hackers. They have told the press that they do very little technical hacking. Mostly they leak things: government memos, email exchanges, and insider reports

PEPCO Pakistan website hacked against police brutality on Qadri's supporters (HackRead) The official website of Pakistan Electric Power Company (Private) Limited (PEPCO) has been hacked by Pakistani hackers in protest against massive police brutality on protesters and supporters Dr. Tahir ul Qadri, a Pakistani politician and Islamic scholar

PARCC Security Breaches Revealed; Microsoft, InBloom, News Corp. Implicated (Bayoo Buzz) When LouisianaVoice broke the story about the stealth agreement between the Louisiana Department of Education (DOE) and Rupert Murdoch's News Corp. whereby DOE would provide News Corp. with personal information on Louisiana's public school students for use by a company affiliated with the Bill and Melinda Gates Foundation, the resulting firestorm resulted in cancellation of the agreement

Top Five Phishing Myths Debunked (Cyveillance Blog) Phishing is a well-known word amongst information security professionals, and something they deal with on a daily basis. Simply put, phishing is defined as using tricks via digital communication methods to attempt to get unsuspecting people to provide personal information like passwords and account numbers that can be used to break into their online banking, social media, or other accounts

Bulletin (SB14-174) Vulnerability Summary for the Week of June 16, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Security Patches, Mitigations, and Software Updates

New Security Update Disables RC4 in Transport Layer Security (WindowsITPro) Reported first in May 2014, an update is now available for practically all versions of supported Windows versions that are running the Microsoft .NET Framework 3.5 through 4.5.x. The update disables RC4 (stream cipher for encryption and decryption) communications in the Transport Layer Security (TLS — the latest version of Secure Sockets Layer protocol) due to a vulnerability that could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions

Android 4.4.4 fixes OpenSSL connection hijacking flaw (IDG via CSO) Less than three weeks after pushing Android 4.4.3 to users of its Nexus devices, Google released a new version of the OS that incorporates a patch for a serious vulnerability identified in the OpenSSL cryptographic library

Cyber Trends

Infosec Professionals Don't Trust Endpoint Security (Infosecurity Magazine) End users are the cybersecurity staff's worst nightmare

Former NSA Chief Mike McConnell Says Culture, Not Tech, Is Key to Cyber Defense (Wall Street Journal) "It is not a tech issue. We're the best in world at technology. It becomes a behavior issue and a talent issue," says Mike McConnell, who is retiring this month as vice chairman of Booz Allen Hamilton, the government contractor where NSA leaker Edward Snowden worked

DARPA: Without better security, the internet of things will be messy (Gigaom) The defense research agency's information innovation director reckons the internet of things will need a "fundamentally new security model"

Bromium CTO Explains Promise of Secure by Design (eSecurity Planet) Simon Crosby, Co-founder and CTO of Bromium, details his company's progress to deliver a Byzantine Fault Tolerant security solution

The Key to Anticipating Cyber-Attacks: Insights for Banking Institutions about Analyzing Intelligence (GovInfoSecurity) Banking institutions must improve how they analyze cyber-threat intelligence. But without better tools, security leaders can't adequately anticipate new attacks, says Greg Garcia, the new executive director of the FSSCC

Growing call for anonymity online, says Cambridge researcher (ComputerWeekly) While it is extremely difficult to be completely anonymous on the internet, new technology is making it possible to protect users' privacy far better, says a Cambridge researcher

Marketplace

Merci, Monsieur Snowden: NSA Fallout Is Good News for European Cyber Firms (Defense News) As European defense firms jump into the cybersecurity business to compensate for dipping military spending, they're benefiting from the work of one man: Edward Snowden

Microsoft: NSA security fallout 'getting worse' … 'not blowing over' (The Register) 'Double-digit declines in people's trust in American tech companies' is bad for business

Israel Claims $3B in Cyber Exports; 2nd Only to US (Defense News) Netanyahu: 'We Have a Land Flowing With Milk and Cyber'

Cyber Professional Shortage Likely To Solve Itself, RAND Study Finds (HS Today) A new study released by the RAND Corporation suggested that while the shortage of skilled cybersecurity professionals poses a grave risk to national and homeland security, the difficulty of finding qualified cybersecurity candidates is a problem that will likely correct itself

Oracle to buy Micros Systems in $5.3 billion deal (Reuters) Oracle Corp ORCL.N said it would buy Micros Systems MCRS.O in a $5.3 billion deal to expand its offerings for the hospitality and retail industries

Fresh responses emerging to banking security (Brazil Business Today) A couple of IT security companies, Tempest Security Intelligence of Brazil and Norwegian company Protectoria, who have ambitions to grow in this country got together at techUK's London HQ to focus on innovations targeting financial institutions

Ex-NSA Chief Pitches Banks High-Cost Advice on Cyber-Attacks (Bloomberg via the Washington Post) As the four-star general in charge of U.S. digital defenses, Keith Alexander warned repeatedly that the financial industry was among the likely targets of a major attack. Now he's selling the message directly to the banks

This 'NSA-Proof' Email Service Raised $160,000 And Signed Up 200,000 Users In Just One Month (VentureBeat) ProtonMail, an encrypted email service that advertises itself as "NSA-proof," launched to much acclaim about a month ago

Products, Services, and Solutions

Twitter Reverses Decision to Censor Content in Pakistan (EFF) Last month, we harshly criticized Twitter for responding to questionable legal orders from Russia and Pakistan to take down content. We argued that the company that once called itself "the free speech wing of the free speech party" had caved in the midst of corporate expansion. We are therefore pleased to see that Twitter has reversed course on its approach to Pakistan

Google unveils independent "fork" of OpenSSL called "BoringSSL" (Ars Technica) Stripped down package means there will be three independent versions of OpenSSL

NCC in cyber crime fight (Manchester Evening News) NCC is preparing to go live with the domain name .trust, which it bought from Deutsche Post for an undisclosed fee earlier this year

Elfiq Networks Brings Traffic Prioritization and Deep Packet Inspection to Hotel Managers (Hospitality Net) Elfiq Networks, manufacturer of the most innovative link balancer solutions on the market today, is proud to be attending HITEC 2014, on June 23-26 in Los Angeles. "Elfiq Networks is always excited to attend HITEC," said Patrice Boies, VP Business Development at Elfiq Networks

Ecrypt Technologies and Cyber Risk Pro Services Form Cyber Protection Partnership (Wall Street Journal) Ecrypt Technologies (OTCQB:ECRY) announced today that Cyber Risk Pro Services of Seattle, Washington and Ecrypt formalized their strategic marketing alliance through a formal, worldwide exclusive arrangement whereby Ecrypt will promote, sell and distribute all of Cyber Risk Pro Services and executive programs targeted to state, county and local Governments

Cloud security firm Afore expands integration with BitLocker (Computer Dealer News) Ottawa-based cloud security and data encryption company Afore Solutions Inc., is integrating its virtual machine security software with Microsoft's drive encryption platform BitLocker

Pinup: Netskope Provides Nice Blend Of Cloud Security And Performance (CloudTweaks) Our world has become fairly riddled with cloud services and technology. It seems like every time you turn around, a new tech or service is being rolled out, expanding our capabilities in the cloud to one degree or another. This trend is only expected to grow in the coming years, with cloud computing geared to be the primary means of doing business both on the internet and in the real world

Carbonite Intros First Data Protection Appliance, Ties To Amazon Cloud For Business Continuity (CRN) Cloud backup and recovery developer Carbonite on Wednesday moved further away from its consumer user roots and toward the small business market with the release of its first hardware appliance targeting fast local data restores while maintaining data in the cloud

Microsoft to Preview Interflow Information Sharing Platform (Threatpost) Much like the Year of PKI that has never come to be, information sharing has been one of security's more infamous non-starters. While successful in heavily siloed environments such as financial services, enterprises industry-wide are hesitant to share threat and security data for fear of losing a competitive edge or exposing further vulnerabilities

OfficeMalScanner helps identify the source of a compromise (Internet Storm Center) While working a recent forensics case I had the opportunity to spread the proverbial wings a bit and utilize a few tools I had not prior

New tool: kippo-log2db.pl (Internet Storm Center) I've been running kippo for several years now on a couple of honeypots that I have around and when I started I was just logging to the text logs that kippo can create. Since then, kippo now supports logging directly to a MySQL database and some other folks

Tool aims to help enterprise IT manage 'honeypot' hacker decoys (IDG via CSO) A new tool called the Modern Honey Network (MHN) aims to make deploying and managing large numbers of honeypots easier so that enterprises can adopt such systems as part of their active defense strategies

Watch the global hacking war in real time with a weirdly hypnotic map (Quartz) Well-organized hackers from China have been blamed for everything from crippling pro-democracy websites in Hong Kong to stealing corporate secrets from US companies in recent months. The US and China are locked in an escalating war about online spying that threatens to devastate business for companies in both countries

Technologies, Techniques, and Standards

TrueCrypt developer says forking the software is impossible (Help Net Security) Even though a number of people have expressed interest in continuing the development of TrueCrypt, the future of these projects is questionable as one of the TrueCrypt developers feels that "forking" the software would not be a good idea

Mock email scam ensnares hundreds of federal Justice Department bureaucrats (Chronicle Herald) Many of the Justice Department's finest legal minds are falling prey to a garden-variety Internet scam

Design and Innovation

Nathaniel Fick: Encourage Innovation to Secure Military Systems From Cyberwarfare (ExecutiveBiz) Nathaniel Fick, chief executive of software and security solutions company Endgame, agrees with U.S. military officials and other cyber industry leaders that with the continued use of ever-evolving information and communications technology comes the threat of cyberwarfare

Research and Development

Silicon Valley Players Hand Out $15M for Breakthrough Prizes in Mathematics (Re/Code) The Breakthrough Prize Foundation, which is funded by a group of high-profile Silicon Valley luminaries, has named five winners of its first mathematics prize

Academia

NSA Names NYU School of Engineering to Exclusive List of Cyber Security Programs (Broadway World) The National Security Agency and the United States Cyber Command have named the NYU Polytechnic School of Engineering as a National Center of Academic Excellence in Cyber Operations, the first in New York earning the designation and one of only a handful in the country to earn all three Center of Excellence designations from NSA

Illinois college offering scholarships to League of Legends players (Joystiq) Robert Morris University in Chicago put out a call recruiting League of Legends players to its first varsity eSports team earlier this month. According to Riot Games, RMU will become the first university to offer a competitive team at the varsity level, and will offer scholarships to players "of up to 50 percent tuition and 50 percent room and board"

Why these local teens are learning to hack (San Diego Union-Tribune) Some kids make lanyards and take kayake lessons at summer camp. Chloe Crisostomo learned how to hack into a computer system and fight malware (malicious software)

Legislation, Policy, and Regulation

China cuts access to Dropbox (CIO) The move follows the country's blocking of Google services in late May

GCHQ's favourite firms to get secret hacking alerts: National security fears raised over BT's links with Chinese company (This is Money) Spy agency GCHQ is to provide classified information to private companies thought to include BT and Vodafone to guard against cyber attacks, but the move has raised security fears

UK divided on government role in cyberspace, survey shows (ComputerWeekly) UK citizens are divided on the role of government in cyber space, a survey by business consultancy KPMG and Censuswide has revealed

Spying Together: Germany's Deep Cooperation with the NSA (Spiegel) Cooperation between Germany's foreign intelligence service, the BND, and America's NSA is deeper than previously believed. German agents appear to have crossed into constitutionally questionable territory

More Foreign Governments Provide NSA with Support for Global Data Surveillance (AllGov) The National Security Agency's (NSA) reach of spying on worldwide communications is even broader than previously reported, according to new information leaked by whistleblower Edward Snowden

Obama Extends Bulk Phone Data Collection Program To September (National Review) President Obama extended the National Security Agency program until September by convincing a judge to reauthorize the existing program as his administration promises to work with Congress to pass legislation that would circumscribe the bulk collection of American phone records

Joint Statement From the Office of the Director of National Intelligence and the Department of Justice on the Declassification of Renewal of Collection Under Section 501 of the Foreign Intelligence Surveillance Act (IC on the Record) Earlier this year in a speech at the Department of Justice, President Obama announced a transition that would end the Section 215 bulk telephony metadata program as it previously existed, and that the government would establish a mechanism that preserves the capabilities we need without the government holding this bulk data. As a first step in that transition, the President directed the Attorney General to work with the Foreign Intelligence Surveillance Court (FISC) to ensure that, absent a true emergency, the telephony metadata can only be queried after a judicial finding that there is a reasonable, articulable suspicion that the selection term is associated with an approved international terrorist organization

Senate Panels to Tackle Cybersecurity Bills (BankInfoSecurity) Debate slated for FISMA reform, cyberthreat sharing measures

Reform, after all (Indian Express) US House of Representatives' surprise move to curtail NSA's powers is encouraging

Little reform since Snowden spilled the beans (Japan Times) A year has passed since the American former intelligence contractor Edward J. Snowden began revealing the massive scope of Internet surveillance by the U.S. National Security Agency

Redeeming NIST's Reputation (BankInfoSecurity) Bill Would Ban NSA from Undermining NIST Crypto Standards

The Admiral Sets a Good Course (Huffington Post) Admiral Mike Rogers, the new leader of the National Security Agency and Cyber Command at the Defense Department, certainly has taken a different approach from his predecessor, General Keith Alexander. Right out of the gate, Admiral Rogers noted that the NSA had a public image issue and that it had lost some of its credibility with the American public

Litigation, Investigation, and Law Enforcement

US NSA granted extension to collect bulk phone data (PCWorld) The U.S. National Security Agency has been allowed to continue to collect phone records in bulk of people in the country, while lawmakers consider new legislation that would block the agency from collecting the data

Snowden rejects German panel's Moscow meeting plan (AP via KXNET) National Security Agency leaker Edward Snowden is rejecting calls to meet in Moscow with a German parliamentary inquiry into the extent of surveillance by the U.S. and its allies

Zeldes Haeggquist & Eck LLP Announces Investigation of FireEye, Inc.'s March 7, 2014 Secondary Offering (MarketWatch) Zeldes Haeggquist & Eck, LLP , a shareholder and consumer rights litigation firm has commenced an investigation on behalf of shareholders who purchased shares of FireEye, Inc. ("FireEye" or the "Company") FEYE -0.16% common stock directly pursuant to FireEye's March 7, 2014 Secondary Offering (the "Secondary Offering"). Specifically, Zeldes Haeggquist & Eck, LLP is investigating whether FireEye and its top executives and officers made false and misleading statements in the prospectus and registration statement that the Company provided to investors in connection with the Secondary Offering

IRS chief evades blame over lost emails during grilling by House Republicans (TribLIVE) The head of the Internal Revenue Service refused to apologize on Friday for lost emails in the scandal over the improper screening of conservative groups and denied more widespread computer failures

Don't shoot the demonstrators (Light Blue Touchpaper) Jim Graves, Alessandro Acquisti and I are giving a paper today at WEIS on Experimental Measurement of Attitudes Regarding Cybercrime, which we hope might nudge courts towards more rational sentencing for cybercrime

FBI New York Announces Newly Formed Cyber Task Force with NYPD and MTA (FBI New York Press Office) George Venizelos, the Assistant Director in Charge of the FBI; William J. Bratton, Commissioner of the New York City Police Department (NYPD); and Thomas F. Prendergast, Chairman, Chief Executive Officer of the Metropolitan Transportation Authority, announce the establishment of the Financial Cyber Crimes Task Force. The task force will operate out of the FBI's field office in New York and will focus on cyber-related criminal activity in the region. A memorandum of understanding was signed between the three agencies this month

Card Wash: Card Breaches at Car Washes (Krebs on Security) An investigation into a string of credit card breaches at dozens of car wash locations across the United States illustrates the challenges facing local law enforcement as they seek to connect the dots between cybercrime and local gang activity that increasingly cross multiple domestic and international borders

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

BalCCon2k14 (Balkan Computer Congress) (Novi Sad, Serbia, September 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference taking...

BruCON 2014 (Ghent, Belgium, September 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical...

Black Hat Europe 2014 (, January 1, 1970) The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and...

Deepsec 2014 (Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...

SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.

26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...

Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...

AFCEA International Cyber Symposium (Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach.

AFCEA Information Technology Expo at Joint Base Lewis-McChord (JBLM) (, January 1, 1970) Federal Business Council, Inc. (FBC) and the Armed Forces Communications & Electronics Association (AFCEA) Pacific Northwest Chapter (PNC) will be partnering once again to co-host the 4th Annual Information...

United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, June 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information...

SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, July 10, 2014) Join us for a free 60 minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics...

2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...

SINET Innovation Summit (New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...

Security Startup Speed Lunch DC (Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.