skip navigation

More signal. Less noise.

Daily briefing.

All quiet on the cyber front (apparently) between Russia and Ukraine as Vladimir Putin digests Crimea, but some useful overviews of recent activity and the provenance of Turla/Snake appear.

Linux server campaigns prove difficult to eradicate.

Mozilla patches Firefox vulnerabilities exposed in Pwn2Own. Java 8 is out.

The hacking of Flight 370 is a matter of speculative, a priori possibility without positive evidence, but a consideration of cyber risks facing commercial aviation remains instructive. Israeli Defense offers a rundown of coverage that includes comparison with 2008's Spanair flight 5022 crash, an accident in which malware was implicated.

Less speculative, however, are analyses that point to the glare-of-war in which too much information blinds watchstanders. Tripwire notes that, whatever happened aboard Flight 370, glare hindering responders and security officers is one feature the disappearance shares with the Target breach. Many companies offer palliatives for glare, but any comprehensive solution would seem to require machine-learning and automated reverse engineering. (Which would also help keep pace with swiftly evolving malware: ZBOT, for example, has just acquired aggressive clickbot functionality.)

Many call for more effective risk-based security approaches (on the sensible grounds that they who defend everything probably defend nothing). Such approaches require, as lawyers and insurers note, a rigorous way of determining value-at-risk.

NSA Director Alexander calls for more threat information sharing. It's a tough problem: privacy, anonymity (especially), and regulation are all in tension with collaborative security, even among Federal agencies.

Surveillance surprises Google; NSA counsel says companies knew all about it.

Notes.

Today's issue includes events affecting Brazil, China, France, Japan, Malaysia, Russia, Spain, Switzerland, Thailand, Ukraine, United Arab Emirates, United Kingdom, United States..

Cyber Attacks, Threats, and Vulnerabilities

Massive cyberattacks slam official sites in Russia, Ukraine (Christian Science Monitor via Yahoo! News) After Sunday's disputed Crimea vote, Russian government sites were hit with a powerful wave of denial-of-service attacks, apparently in response to cyberattacks on official Ukrainian sites

Spyware Targets U.S. and Europe (Top Tech News) Malware known as Turla may be the work of the Russian government and could be linked to a massive breach on the U.S. military in 2008, security researchers say. The Turla spyware is used to establish a hidden foothold in infected networks from which they can search other computers, store stolen data, then transmit data back to their servers

Hacking a Boeing 777 (GovInfoSecurity) Can a Cyber-Attack Bring Down an Airliner? Speculation surrounding the cause of the disappearance of Malaysia Airlines Flight 370 hasn't included the possibility of a cyber-attack, until now. A cybersecurity expert contends hacking an airliner is feasible

Was Malaysia Flight MH370 Cyber-Hijacked? (Israel Defense) The aviation industry faces major risks on all of its fronts. Could the answer to the missing plane be that this is "the world's first cyber hijack"

How the Target Breach and the Malaysian Flight Mh370 Mystery are Related (Tripwire: The State of Security) While there has been at least one article suggesting that hackers could have diverted the Malaysian jet which mysteriously disappeared over the South Pacific, what really unites the jet mystery with the Target breach is the topic of "alarm overload." Numerous public safety incidents have, over the years, been linked to alarm systems that failed to provide the necessary alert it was designed to produce

Linux worm Darlloz targets Intel architecture to mine digital currency (ZDNet) A new variant of the Darlloz worm focuses on manipulating home systems to mine for digital currency beyond Bitcoin

Linux Takeover Artists Fling 35M Spam Messages Daily (Dark Reading) "Operation Windigo" server takeover campaign controls 10,000 hacked servers, launches millions of spam, malware, and drive-by exploit kit attacks per day

Tor warns of malicious Tor browser offered on the App Store (Help Net Security) A public plea made on Twitter by Runa A. Sandvik, a (former?) developer with The Tor Project has turned the spotlight on a still unresolved issue of an apparently fake Tor Browser app equipped with spyware being offered for download on Apple's App Store

Hackers besiege PHP sites with 30,000 attacks hitting patched exploit (V3) The number of cyber attacks targeting PHP sites using a known vulnerability has skyrocketed over the past six months, despite the availability of a patch fix for the exploit

EA hacked to steal your Apple ID (C/Net) Hackers have targeted EA, the people behind Titanfall, FIFA 14 and Battlefield 4, to try and steal your Apple ID and credit card details

ZBOT Adds Clickbot Routine To Arsenal (TrendLabs Security Intelligence Blog) The ZeuS/ZBOT malware family is probably one of the most well-known malware families today. It is normally known for stealing credentials associated with online banking accounts. However, ZBOT is no one-trick pony. Some ZBOT variants perform other routines like downloading or dropping other threats like ransomware

Research Finds MAC Address Hashing Not a Fix for Privacy Problems (Threatpost) A quick research project done by a graduate student at Stanford on the security of hashed MAC addresses in retail analytics software has shown that time and the inevitable advancement of technology have are the greatest enemies of cryptography

Healthcare.gov: Proceed at your own risk (CSO) The government insists the Obamacare site is secure. But most experts disagree

IRS Acknowledges Insider Data Breach (eSecurity Planet) Approximately 20,000 current and former employees' names, addresses and Social Security numbers may have been exposed

Aversion to new Facebook News Feed could lead to scams (Help Net Security) Facebook has been gradually rolling out a new, more simplified design for users' News Feed for a while now

A history of Bitcoin hacks (The Guardian) The alternative currency has been plagued by hacks, ponzi schemes and increasingly professional thefts since 2011

Secunia Vulnerability Report Questioned by Experts (CSO) The team at the OSVDB (Open Sourced Vulnerability Database) project have taken issue with Secunia's latest vulnerability report, noting it uses flawed methodology and provides little benefit to organizations

Socks4/Socks5 enabled hosts as a service introduces affiliate network based revenue sharing scheme (Webroot Threat Blog) Thanks to the commercial and public availability of DIY (do-it-yourself) modular malware/botnet generating tools, the diverse market segment for Web malware exploitating kits, as well as traffic acquiring/distributing cybercrime-friendly traffic exchanges, cybercriminals continue populating the cybercrime ecosystem with newly launched services offering API-enabled access to Socks4/Socks5 compromised/hacked hosts

A Cybercrime Gang-Software Pirate Mash-Up (Dark Reading) New report illustrates lucrative market for malware-riddled, pirated software — and the cost to enterprises

Security Patches, Mitigations, and Software Updates

Mozilla Patches Pwn2Own Zero Days in Firefox 28 (Threatpost) Mozilla released Firefox 28 yesterday, patching four zero-day vulnerabilities disclosed during last week's Pwn2Own contest

For the Adventurous, Java 8 is out (Internet Storm Center) Looks like JAVA 8 is out (thanks Rob)

Cyber Trends

The Goldilocks Dilemma: Too Much Cybersecurity Or Too Little? (Forbes) Cybersecurity continues to be a hot topic these days, but it's unclear whether CIOs are doing too much or too little to tackle the problem. Sometimes it seems as though enterprises are developing the same attitude about breaches that Californians have about earthquakes — sure, we're vulnerable, but what are the chances of it shaking really, really bad right where I'm standing

91% of video surveillance deployments involve IT departments (Help Net Security) ESG research found that among organizations currently using video surveillance technology, 91% indicate that IT manages or supports these deployments. Of the final survey pool of IT professionals involved with video surveillance at mid- to enterprise-sized organizations, 47% claim their department is the group most responsible for setting surveillance strategy and making final infrastructure purchasing decisions

There are real and present dangers around the Internet of Things (The Guardian) Despite plenty of scaremongering, there are reasons to be worried about the emergence of a hyper-connected world

Security, M&A among hospital CIO frustrations for 2014 (FierceHealthIT) As 2014 kicks into full gear, what topics elicit fear and frustration among health CIOs? Bonnie Siegel, a healthcare IT recruiter for Witt/Kieffer, shared some of her takeaways from discussions with CIOs at the College of Healthcare Information Management Executives' CIO Forum in Orlando

Hacks of Ages (Juniper Networks) From the click-clack of the Enigma machine that stumped so many for so long to the Anonymous "Million Mask March" on the White House to protest against corporate and government corruption, we've assembled an illustrative timeline of the cyber world

Marketplace

Spying Is Bad for Business (MIT Technology Review) Can we trust an Internet that's become a weapon of governments? Following a one-day summit in Brasilia this February, negotiators from Brazil and Europe reached a deal to lay a $185 million fiber-optic cable spanning the 3,476 miles between Fortaleza and Lisbon. The cable will be built by a consortium of Spanish and Brazilian companies. According to Brazil's president, Dilma Rousseff, it will "protect freedom." No longer will South America's Internet traffic get routed through Miami, where American spies might see it

Major departments seek continuous monitoring acquisition independence from DHS (FierceGovernmentIT) Some federal agencies are choosing to buy continuous monitoring tools independently of the Homeland Security Department's Continuous Diagnostics and Mitigation Program despite forfeiting DHS procurement money for those tools when doing so

Virginia Contracting Activity Kicks Off $6B Defense IT Contract Bids (GovConWire) The Virginia Contracting Activity has started to accept bids on a potential five-year, $6 billion information technology services contract covering work for the the Defense Department and intelligence community

Yahoo's 'Mission Accomplished' Moment: Talent Retention (InformationWeek) Marissa Mayer and other tech employers should focus less on an aggressive acqui-hire strategy and more on moonshot engineering goals, current and former Yahoo employees say

Verdasys Closes $12 Million Investment (Dark Reading) Kenneth Levine joins Verdasys as CEO, replacing Jim Ricotta

Security Startups: Interview with Covertix CEO Yoran Sirkis (SecurityWeek) SecurityWeek: How did you start out in the computer field and in particular, security? Yoran: I started my journey in the cyber- and information- security fields while at the Israeli Air Force, where I served as a captain. After the military service I joined Comsec, an international information security professional services firm

Products, Services, and Solutions

Full Disclosure mailing list closure elicits mixed reactions (Help Net Security) The Full Disclosure mailing list has long been the perfect place for security researchers to disclose and discuss newly found vulnerabilities. But John Cartwright, one of its creators, has pulled the plug on the list today

Twitter gives up on encrypting direct messages, at least for now (The Verge) The company has a reputation for fighting government data collection. So why did it suddenly drop plans to protect private messages

Facebook Blocks NSA Spies — for Now (CIO) In the wake of revelations exposed in classified National Security Agency documents leaked to reporters by Edward Snowden, Facebook must show its users that their data is safe from the prying eyes of government spies

What is Kaspersky Gadget (Kaspersky Lab Daily) "Gadget" has recently become an extremely popular word. We now use a wide range of gadgets, read the latest news from this sphere in various blogs and websites, and eagerly discuss it. You can even use a gadget for your antivirus, like Kaspersky Internet Security, which has its own Kaspersky Gadget now

Blue Coat and HP collaborate to combat advanced targeted attacks (CIOL) To deliver a transformative approach that integrates defenses for each stage of the threat lifecycle and automates intelligence sharing across the security infrastructure

Enigma opens its platform for public big data search and discovery (FierceBigData) Do you live in the U.S. and need access to petabytes of public data free of charge? You're in luck. Enigma has just announced it opened its platform to the public for public data search and discovery

Parallel universes: parallel data warehouses for analytics only (FierceBigData) It's fairly common for analytics teams' abilities to go far beyond the technology function IT provides. At best, this is an untenable situation and at worst it costs such hobbled companies millions to billions in lost opportunities

Juniper Networks Partners VeriSign (Nasdaq Analyst Blog) Networking solutions provider, Juniper Networks ( JNPR ) has announced a partnership with VeriSign, Inc. ( VRSN ) to provide hybrid cloud-based security services. The combined solution can manage and protect against Distributed Denial of Service (DDoS) attacks and at the same time connect public and private clouds securely. Read more:

Arbor Unveils a Network Security 'DVR' (Light Reading) Network attacks may be increasingly inevitable, but 83% of enterprises say they are unprepared for them, according to new research from Arbor Networks

Check Point Sandboxing Technology Tops Zero-Day Malware Block Rates (Consumer Electronics Net) Check Point® Software Technologies Ltd. (NASDAQ: CHKP), the worldwide leader in securing the Internet, today announced that Check Point Threat Emulation Service, which protects organizations against new, unknown and targeted attacks before they infect a network, has the highest catch rate of malicious files. In recent benchmark testing, 600 malicious files were scanned through Check Point Threat Emulation and other competitive products. The results found that Check Point outperformed all of the others in this test, with a malicious file catch rate of 99.83%. The other competitive products detected an average of 53% of the files as malicious, with the highest competitor's catch rate at 75%

Review: KnowBe4 Compliance Manager (eSecurity Planet) While KnowBe4 Compliance Manager does not makes tasks associated with regulatory compliance enjoyable, reviewer Matt Sarrel finds the software does make them less onerous

Damballa and ForeScout Partner on Threat Protection (SecurityWeek) Damballa, a provider of threat protection and containment solutions, and ForeScout Technologies, a provider of network security solutions, have teamed up in an effort to enhance visibility and automate remediation of advanced threats within enterprise networks

Cohen's SAC taps analytics firm Palantir to monitor employees (Reuters) Billionaire investor Steven A. Cohen hired a top Silicon Valley data analytics firm to keep closer tabs on his employees just months after his hedge fund SAC Capital Advisors pleaded guilty to insider trading charges

The Pentagon Spent $2.7 Billion on an Intelligence System That Doesn't Work (The Wire) Here's another item for the (long) list of spectacular waste in the Pentagon's budget: a $2.7-billion intelligence program that's supposed to help Army troops on the ground collect and use intelligence on enemy fighters. It sounds like a good idea, but the thing is, the Army's Distributed Common Ground System doesn't actually do that, according to report from Foreign Policy. The article cites an internal assessment of the DCGS's effectiveness, long requested by Congress but kept under wraps by the Pentagon for eight months. Probably because they didn't feel like talking about such a spectacular failure

Technologies, Techniques, and Standards

Law firm drafts risk-based approach to privacy protections (Inside Cybersecurity) A privacy policy group managed by the law firm Hunton and Williams is meeting today in Paris to develop a risk-based approach to protecting personal data, which is intended to sidestep industry-government tensions over privacy protections as part of cybersecurity measures

Stop Targeted Attackers (Dark Reading) All cyber-attackers aren't equal. Focus more attention on exploits made just for you

Kick us as hard as you like, RIGHT IN THE CYBERS, says Japan (The Register) Government unleashes ethical hackers to prep for Tokyo Olympics

How do you know if an RNG is working? (A Few Thoughts on Crytographic Engineering) No matter how much cryptographers accomplish, we're always building on a questionable foundation. Last week, Edward Snowden spoke to a packed crowd at SXSW about the many problems (and limited solutions) facing those of us who want to keep our communications private. Snowden said a number of things — including a shout out to Moxie's company Whisper Systems, who certainly deserve it

Where will XP stalwarts go after the end of Windows XP support? (TechTarget) The end of official Windows XP support is not all bad news. Microsoft plans to provide signature updates for its anti-malware application for another year or so. But support for the operating system itself is going away, and enterprise desktops running it could be at significant risk. Yet budgets, timelines and legacy programs leave some organizations with little choice but to continue to support XP. If that's the case for your environment, you can take a number of steps to help mitigate at least some of the looming threats

Improving Security via Proper Network Segmentation (SecurityWeek) Recent headlines around data breaches have highlighted a common security mishap — improper network segmentation

Metadata Poses Both Risks And Rewards (Dark Reading) For companies, metadata can both be an opportunity to better secure the business and a threat that leaks sensitive data

Python developers are the most giving (IT World) GitHub Archive data reveals that Python repositories, on average, receive the most pull requests of any programming language

XORSearch: Finding Embedded Executables (Didier Stevens) Someone mentioned on a forum that he found a picture with an embedded, XORed executable. You can easily identify such embedded executables by xorsearching for the string "This program must be run under Win32". But if the author or compiler modifies this DOS-stub string, you will not find it

Design and Innovation

War is a Video Game, and We're Losing (War on the Rocks) It is often said that the rise of military robotics and cyber warfare is turning war into a "videogame." But this thesis—which blames technology for a supposed loss of moral seriousness about war—gets the causation wrong. It isn't bloodless technology that really makes war videogame-like. Rather, videogames are simple and deterministic in that they mirror the ways a cross-section of national security experts think about war. It seems that as hard as we try to be treat war as "tragic, inefficient, and uncertain," we end up getting our military analysis from the same mental place that's engaged by a shopping trip to GameSpot. We might as well use this to our advantage by diversifying our unconscious war(games) rather than playing the same titles over and over again

Research and Development

Finjan Holdings Subsidiary Issued New U.S. Patent For Malicious Mobile Code Protection (Dark Reading) Patent issuance relates to a proprietary malicious mobile code runtime monitoring systems and methods

Academia

Springfield High, Clark State to join forces for cybersecurity class (Springfield News-Sun) Springfield High School students will soon be given the opportunity to jump into one of the fastest-growing and in-demand careers in the nation

Here come the next generation cyber-warriors (Fortune) The wild frontier of identity theft and web terrorism has opened the door for educational programs to train teenage cyber-sleuths

Legislation, Policy, and Regulation

UAE ponders how to have big data, without big problems (The National) With one of the highest adoption rates of smartphones on the planet, the UAE is at the forefront of the global push to become a "smart nation" in which online technology is integrated into everyday life. But as the Emirates Centre for Strategic Studies and Research's annual conference heard this week, the dawning era of big data warrants care and supervision to ensure the intended benefits do not come at the price of sacrificing reasonable expectations of privacy

Espionnage : comment Orange et les services secrets coopèrent (Le Monde) On apprend souvent davantage de choses sur soi par des gens qui n'appartiennent pas à votre famille. Les Britanniques, un peu malgré eux, viennent de nous éclairer sur les liens hautement confidentiels qui existent entre les services secrets français, la Direction générale de la sécurité extérieure (DGSE) et l'opérateur historique de télécommunication France Télécom, qui a pris le nom d'Orange en février 2012

Google CEO Calls NSA Spying 'Disappointing' (Bloomberg) Google Inc. (GOOG) Chief Executive Officer Larry Page criticized the National Security Agency's surveillance activities, calling for limits on what the U.S. government can do. "It's tremendously disappointing that our government did this and didn't tell us," Page said during a presentation at a TED technology and design conference in Vancouver. "We need to know what the parameters of this are"

NSA top lawyer says tech giants knew about data collection (C/Net) Nevermind the vociferous denials from tech titans like Google, Microsoft, and Apple. They knew the government was collecting their user data, the NSA's general counsel says

Rand Paul Slams Surveillance State 'Drunk With Power' (National Journal) A harsh speech wins over the UC Berkeley crowd but the Republican senator glides past social issues

Edward Snowden: Here's how we take back the Internet (Help Net Security) Appearing by telepresence robot, Edward Snowden speaks at TED2014 about surveillance and Internet freedom

Alexander: Congress should address cyberthreat information sharing (Federal Times) Intelligence-sharing has become a higher priority following a 2013 executive order that expanded the Homeland Security Department's Enhanced Cyber Services program

DOD delays rulemaking on rapid reporting of cyber penetrations (Inside Cybersecurity) The Pentagon needs more time to develop highly anticipated draft regulations that would require defense contractors with security clearances to rapidly report penetrations of their networks and information systems

Working group kicks off process to align communications sector with cyber framework (Inside Cybersecurity) The FCC's long-awaited "working group four" on cybersecurity will be formally launched today at a meeting of the Communications Security, Reliability and Interoperability Council, beginning a yearlong process to align industry best practices with the government's new framework of cybersecurity standards

Senate Commerce panel schedules data breach hearing (Inside Cybersecurity) The Senate Commerce Committee will hold a hearing next week on "protecting personal consumer information from cyber attacks and data breaches"

NRF: 4 lies about data security (FierceRetailIT) What if a government agency held hearings on fraud protection and data security, prompted by recent data breaches at national retailers, and failed to invite a single retailer

Obama Administration Denies 'Abandoning the Internet' (Nextgov) A top Commerce Department official pushed back Wednesday against concerns that the Obama administration is opening the door to an Internet takeover by Russia, China, and other authoritarian regimes

Litigation, Investigation, and Law Enforcement

US DHS digs out 27,000-member child abuse ring buried on Tor (Naked Security) The child predators targeted children as young as 3 years old. More than 40 terabytes of data were seized, 15 men have been arrested, 251 child or teen victims have been identified

US officials don't expect terrorists to embrace Bitcoin. Here's why. (Bloomberg News via the Times Herald) The U.S. government sees no evidence of "widespread" use of virtual currencies such as Bitcoin to evade sanctions or finance terrorism, the Treasury Department's top official targeting money laundering said

Hacker Diabl0 arrested in Thailand at the request of Swiss authorities (NetworkWorld) He is wanted in connection with computer fraud and credit card information theft in Switzerland

Three indicted over $15 million identity theft spree (Naked Security) Three men have been indicted in a New Jersey court, charged with participating in an identity theft conspiracy which could have cost its victims upwards of $15 million

Class Action Suit Filed in L.A. Breach (HealthCareInfoSecurity) A class action lawsuit has been filed against Los Angeles County and a vendor that handles patient billing and payment collections for the county's departments of health services and public health in the wake of a breach last month affecting 168,500 individuals

Non-Gmail users suing Google for "wiretapping" denied class action (Ars Technica) Judge says Google is right—the problem of consent is too murky.

Microsoft uncovers mole who leaked Windows secrets, but Wzor lives on (InfoWorld) Microsoft has charged an ex-employee who leaked Windows 8 builds — but it's unlikely that Wzor, the current reigning champ of Windows leaks, will be affected

"Revenge porn" site creators hit with $385,000 judgment (Ars Technica) Lawyer hopes other revenge porn "scumbags" will remember this lesson

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change (Chantilly, Virginia, USA, March 20, 2014) Join INSA's Security Policy Reform Council for Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change at the SI Organization in Chantilly, VA. This unclassified,...

Suits and Spooks Singapore (, January 1, 1970) Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate...

MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...

Cyber Security for Energy & Utilities (, January 1, 1970) Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the...

Fourth Annual China Defense and Security Conference (Washington, DC, USA, March 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding...

Veritas 2014 (, January 1, 1970) At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the...

Black Hat Asia (, January 1, 1970) Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four...

SEC Cybersecurity Roundtable (Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...

Cyber Security Management for Oil and Gas (, January 1, 1970) Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security...

ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Thursday, March 27, 2014 at Colorado Technical University (CTU).

Financial Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, March 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax...

CyberBiz Summit (Linthicum, Maryland, USA, March 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday,...

Corporate Counter-Terrorism: the Role of Private Companies in National Security (Washington, DC, USA, March 28, 2014) The 2014 American University Business Law Review Symposium will address the growing role of corporate America in governmental counter-terrorism programs, including the bulk metadata and PRISM surveillance...

Cyber Saturdays (Laurel, Maryland, USA, March 29, 2014) Are you a community college student with an interest in network security or information assurance? Would you like to test your skills in a fast-paced game environment? If so, one if Capitol College's upcoming...

SyScan 2014 (Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...

Interop Conference (, January 1, 1970) Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.

NSA Hawaii (, January 1, 1970) Be a part of the 2nd Annual Information Technology Expo set to take place at the new National Security Agency (NSA) Regional Operations Center in Wahiawa, HI. The event is being sponsored once again by...

InfoSec World Conference & Expo 2014 (, January 1, 1970) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...

NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...

IT Security Entrepreneurs Forum (ITSEF) 2014 (, January 1, 1970) IT Security Entrepreneurs Forum (ITSEF) is SINET's flagship event, designed to bridge the gap between the Federal Government and private industry. ITSEF brings unique value to the Cybersecurity community...

Women in Cyber­security Conference (Nashville, Tennessee, USA, April 11 - 12, 2014) WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.

Suits and Spooks San Francisco (, January 1, 1970) S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss...

East Africa Banking and ICT Summit (Kampala, Uganda, April 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations,...

National Collegiate Defense Cyber Competition (, January 1, 1970) Registration for the 2014 CCDC season is underway! Visit your region's website or contact your regional for registration and competition information.

InfoSecIndy (Indianapolis, Indiana, USA, April 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.

Infosecurity Europe 2014 (, January 1, 1970) Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.