skip navigation

More signal. Less noise.

Daily briefing.

Recorded Future thinks it discerns synchronization of Russian offensive cyber operations with Ukraine's debt service schedule, which would augment pressure exerted through Ukrainian natural gas imports. The 2008 Georgian incursion, combining as it did both cyber and "kinetic" operations, continues to serve as a template for analysts watching Russian involvement in the increasingly lethal Ukrainian crisis. (And Latvian officials seem to fear their country is next—watch for cyber rioting as battlespace preparation.)

The VRT Blog's Snorters offer a useful overview of CVE 2014-1776 Internet Explorer exploits.

OAuth and OpenID, shown susceptible to redirection late last week, should be approached with caution, particularly in social media. Observers dispute whether "Covert Redirect" actually counts as a vulnerability—many analysts are calling it a "weakness"—and it seems clear that it's not in the same class as Heartbleed. (The discovery of Covert Redirect also occasions some useful discussion of where responsibility for security properly lies.)

Accelerometers are found easily susceptible to device fingerprinting, which reveals the possibility of a new covert tracking modality.

An overview of the "darknet" offers a glimpse into the black market's R&D infrastructure.

OpenDNS Security Labs thinks generic Top-Level Domains are inherently vulnerable to exploitation, largely because of their relative novelty.

Fresh reports of maritime vulnerability to cyber attack appear.

A CSO piece announces a deathwatch for encryption. It's overstated, but the "algorithm arms race" discussion is interesting.

Target's CEO falls to Target's data breach. Symantec announces a shift away from antivirus to attack mitigation solutions. Huawei wants to be "European."

Notes.

Today's issue includes events affecting Australia, China, Costa Rica, Cuba, Georgia, Germany, Panama, Russia, Ukraine, United Kingdom, United States..

Cyber Attacks, Threats, and Vulnerabilities

Intel Firm Links Ukraine Energy Debt with Potential Cyber Assault (Nextgov) A Web intelligence company says Putin-sponsored cyber assaults against Ukraine could coincide with deadlines for paying Russia for energy

Russian cyber attacks on Ukraine: the Georgia template (Channel4 News) Cyber attacks against Ukraine carry worrying echoes of Russia's 2008 invasion of Georgia. Is this the new way to wage war?

In Latvia, Tensions Mount Under Russia's Gaze (Wall Street Journal) Heavily Russian Baltic neighbor is sharply divided as government tries to maintain its borders and economy

Anatomy of an exploit: CVE 2014-1776 (Snort VRT Blog) When the Internet Explorer 0-day CVE 2014-1776 was announced, we turned to our intelligence feeds for more information. In the course of taking it apart we found a few things that were quite interesting that we wanted to share

Security Flaw Found In OAuth 2.0 And OpenID; Third-Party Authentication At Risk (Dark Reading) Authentication methods used by Facebook, Google, and many other popular websites could be redirected by attackers, researcher says

Covert Redirect Issue in OAuth, OpenID Places Security Responsibility in Wrong Place (SecurityWeek) The Covert Redirect issue, the reportedly "serious vulnerability" uncovered recently in login tools OAuth and OpenID, places the responsibility for user security in the wrong place, a security expert said

Covert Redirect isn't a vulnerability, and it's nothing like Heartbleed (CSO) On Friday, a PhD student at the Nanyang Technological University in Singapore, Wang Jing, published a report focused on a method of attack called "Covert Redirect," promoting it as a vulnerability in OAuth 2.0 and OpenID

OAuth weakness threatens users of social media sites (CSO) Social media sites, such as Google, Facebook and Yahoo, are at risk of sharing user data with malicious third-party websites

Legitimate software apps impersonated in a blackhat SEO-friendly PUA (Potentially Unwanted Application) serving campaign (Webroot Threat Blog) Deceptive vendors of PUAs (Potentially Unwanted Applications) continue relying on a multitude of traffic acquisition tactics, which in combination with the ubiquitous for the market segment 'visual social engineering', continue tricking tens of thousands of users into installing the privacy-violating applications

InduSoft Web Studio Directory Traversal Remote Code Execution Vulnerability (Zero Day Initiative) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Web Studio. Authentication is not required to exploit this vulnerability

Researchers Say Accelerometers are Perfect for Pervasive Tracking (Threatpost) Minute manufacturing imperfections in popular accelerometers cause that hardware to emit uniquely identifiable data that could give third parties the ability to single out specific mobile devices, regardless of any privacy protections deployed on them

The Cyber Threat Industry: Lurking Into the Darknet (The Cutting Edge) Deep in shadowy chat rooms, where normal users never visit, there's an entirely different world. Its denizens conduct their business secretly, keeping their distance from journalists and information security experts who try to meddle in their affairs. This business has rules of its own — the collection of forums and websites we call "darknet". The tracks of every virus and malware that threaten innocent users lead there

Attack Prediction: Malicious GTLD Squatting May Be the Next Big Threat (Open DNS Security Labs) Late last year, ICANN began expanding the generic Top-Level Domains (gTLDs). In addition to the standard .COM, .ORG, and .NET TLDs, over 1,300 new names could become available in the next few years. These new gTLDs and internationalized domain names (IDNs) are awesome ideas if you think about the creativity sparked around the names one can possibly register

Coin Mining DVRs: A compromise from start to finish. (Internet Storm Center) We talked before about DVRs being abused as bitcoin (or better Litecoin) mining bots. As part of my "IoT Honeypot Lab", I started adding a DVR to see how long it took to get compromised. The DVR was installed "as purchased" and port 23 was exposed to the internet

Social Engineering: The Basics (CSO) What is social engineering? What are the most common and current tactics? A guide on how to stop social engineering

Anti-piracy group warns about malware-riddled sites — fair, or scaremongering? (Naked Security) A UK body battling online media piracy has released a rather stark warning about "bogus content" on sites providing access to pirated films and TV shows, claiming that 97% of such sites feature either malware or scams, and 3 out of 4 people who use these dodgy services subsequently suffer "problems with their device"

Press Freedom Day marred by cyber-attack on TVN (Newsroom Panama) On World Press Freedom Day, Saturday May 3, Panama's TVN channel 2 received another "cyber-attack" on its website

Swedes targeted in new 'Microsoft' phone scam (The Local (Swedish Edition)) Elderly Swedes are falling victim to a new scam being perpetrated by English-speaking fraudsters claiming to work for Microsoft

Bulletin (SB14-125) Vulnerability Summary for the Week of May 5, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Security Patches, Mitigations, and Software Updates

Microsoft: Windows XP Update An 'Exception' (InformationWeek) XP users shouldn't expect additional support from Microsoft, despite its heroic last-minute security update for Internet Explorer

Adobe Enhances Security in ColdFusion 11 (SecurityWeek) Adobe has released ColdFusion 11, the latest version of its Web application technology that enables organizations to build and deploy web and mobile enterprise applications

Cyber Trends

Open seas is latest frontier for cyber criminals (BusinessDay) The next hacker playground: the open seas — and the oil tankers and container vessels that ship 90% of the goods moved around the planet

CSIRO joins chorus of cyber experts in warning Australia of major services shutdown (Sydney Morning Herald) Cyber attacks could shut down Australia's electricity grid, steal government records, or force government services offline, according to a new CSIRO cyber security report to be released at a technology conference on Monday

CISOs anxious about possible data breaches, employees not so much (Help Net Security) If you are a Chief Information Security Officer, chances are you may not be getting much sleep lately according to a recent survey of IT security executives at companies of 500 or more employees

Cybersecurity may be going the way of country music (Nextgov) Late last year Entertainment Weekly writer Grady Smith compiled the YouTube video Why Country Music Was Awful in 2013, explaining "so much of what's on the radio these days sounds exactly the same!" I'm an old school country music fan (my husband likes to say I'm so old school I listen to both country and "western" music) so when I saw that video, it confirmed my thoughts on a lot of today's music

11 reasons encryption is (almost) dead (CSO) Everyone who has studied mathematics at the movie theater knows that encryption is pretty boss. Practically every spy in every spy movie looks at an encrypted file with fear and dread. Armies of ninjas can be fought. Bombs can be defused. Missiles can be diverted. But an encrypted file can only be cracked open with the proper key — and that key is always in the hands of a dangerously attractive agent hidden in a sumptuous hideout on the other side of the world

Marketplace

US Contractors Scale Up Search for Heartbleed-Like Flaws (Bloomberg) On Florida's Atlantic coast, cyber arms makers working for U.S. spy agencies are bombarding billions of lines of computer code with random data that can expose software flaws the U.S. might exploit

Kaspersky lines up ducks for enterprise assault (CRN) New partner programme, new virtualisation technology and swanky new office for security vendor as it eyes enterprise glory

Procera Networks Awarded Business Valued at Approximately $3.5 Million From Two New Tier 1 Service Providers in APAC (Wall Street Journal) Procera Networks, Inc. (NASDAQ: PKT), the global Internet Intelligence company, today announced it was awarded approximately $3.5 million of business from two Tier 1 service providers that represent new customers in the Asia Pacific region. The operators selected Procera's PacketLogic™ platform and displaced a long-term incumbent vendor to deliver a better subscriber experience. The operators conducted thorough evaluations and selected Procera's PacketLogic platform for its ability to deliver the high capacity required to scale network performance above 100Gbps today, and to continue scaling over the next few years. The awarded business is expected to benefit revenue in 2014

Target CEO out after massive cyberattack; CFO to replace (ZDNet) The company's chief financial officer will take the lead in the executive suite in efforts to rebuild trust with its customers

MOVE your cybersecurity, green technology, IT or life science business HERE (Montgomery Economic Development) The MOVE Program is a recently-announced initiative from the Montgomery County Department of Economic Development created to get you to take a serious look at Montgomery County, Maryland and the variety of great commercial office space available to YOUR business right NOW

Huawei Founder: Company Aims to Be Viewed as 'European' (Wall Street Journal) Chinese Telecom Vendor Wants to Change Its 'Mysterious' Image

Huawei CEO says not surprised by U.S. spying reports (Reuters via the Chicago Tribune) The founder of China's Huawei Technologies Co Ltd said media reports that the U.S. National Security Agency (NSA) was spying on his company came as no surprise, and they would not damage its reputation among its customers

Symantec Develops New Attack on Cyberhacking (Wall Street Journal) Declaring antivirus software dead, firm turns to minimizing damage from breaches

Security Pro File: IT Risk Manager Julie Fetcho (Dark Reading) The skills women are traditionally encouraged to cultivate — like communication and relationship building — are becoming more valuable to the security field, says Julie Fetcho, who leads TIAA-CREF's IT risk governance team

Products, Services, and Solutions

Android-based Pwn Phone is prepared to do evil for your network's own good (Ars Technica) Hands on: Pwnie Express takes Ars through its new Android phone for white hat hackers

Windows XP market share dips just 1.4 percent following April end of life (The Inquirer) While Windows 8 sees minimal growth

Malcovery provides explicit intelligence so you can block today's top threats as they emerge (Network World) Have you seen the pharmaceutical TV commercial where a businessman attending a meeting is handed a note that says "Your heart attack will happen tomorrow"? The idea of being notified in advance of something so terrible is startling. Obviously if this were possible, the man could take preventative action before the real harm could happen

Malcovery® Security Partners with Return Path to Deliver Multi-Layered Brand Protection (Digital Journal) Malcovery® Security, the leader in delivering actionable threat intelligence to neutralize email-based threats, and Return Path, the global leader in email intelligence, announced a partnership to deliver multi-layered brand protection to enterprises

VCW Security is First to Distribute Cloud-Based CYREN WebSecurity Service in UK (IT Business Net) CYREN (NASDAQ: CYRN), a leading provider of cloud-based security solutions, today announced that a new distribution partnership with VCW Security, a leading UK distributor of IT security products and solutions. Under the agreement, VCW Security will offer the CYREN WebSecurity service via their network of resellers

Tenable Network Security Wins Best Vulnerability Management Solution at SC Magazine Europe 2014 (MarketWatch) Tenable Network Security, Inc. , the leader in real-time vulnerability, threat and compliance management, has been named Best Vulnerability Management Solution at SC Magazine Awards Europe 2014. Tenable SecurityCenter Continuous View™ was recognised for providing the best vulnerability assessment for physical, virtual, cloud and mobile assets using active or passive testing

An Inside Look at ProtonMail: End-to-End Encrypted Email (Cryptocoins News) Bitcoin users are no strangers to cryptography. After all, Bitcoin wouldn't even exist without it, since cryptography prevents double spending and allows the network to verify ownership of coins. Of course, the primary purpose of cryptography has always been secret communication, and a new service called ProtonMail is offering exactly that

John McAfee Releases Secure Anti-Surveillance Messaging App 'Chadde' (HackRead) Last year John McAfee, the founder of world renowned McAfee antivirus software had promised his followers for a new device that would defeat the NSA and protect user's privacy

Technologies, Techniques, and Standards

Chip and PIN Technology: Why It Won't Solve Our Data Breach Woes (Private WiFi) The United States has successfully resisted chip and pin technology for nearly a decade, and we've got the data breaches to prove it

Comment: Tracking tactics of Boko Haram with open source intelligence (SBS) Governments facing increasingly complex adversaries must embrace any available opportunities to gain an edge. Here, open source intelligence provides a huge opportunity and it is this that will be crucial in helping to defeat groups such as Boko Haram

iPhone Reset Thwarts Forensic Investigation (DFI News) Felons wanting to best forensic investigators need only perform a factory reset of all current model iPhones, say forensic security experts

Why you need to pay attention to how people use your systems (CSO) As attackers continue their quest for credentials, you need to know what normal usage looks like in order to realize when something isn't right

Observations from Key-logged Passwords (Internet Storm Center) I recently had the opportunity to look at a sample of key-logged passwords collected from compromised machine over a period of 4 years. I wanted to share some of the takeaways, since I'm not comfortable sharing too many of the details

How to Buy Static Analysis Tools (eSecurity Planet) Static analysis tools can help software developers produce more secure applications. Here is what you need to know when evaluating such tools for your organization

"Pavlovian password management" aims to change sloppy habits (Ars Technica) Policy would reward or penalize people based on the passwords they pick

TEMA leads first responders in cyber attack exercise (Tullahoma News) Imagine not being able to use a cell phone, access the Internet or communicate with family members. That was the scenario Friday during a "cyber attack" exercise sponsored by the Tennessee Emergency Management Agency (TEMA) and held at the Tennessee Fire and Codes Academy in Bell Buckle

Research and Development

Stanford professor scrutinizes India's biometric identification program (Help Net Security) The cutting edge of biometric identification — using fingerprints or eye scans to confirm a person's identity — isn't at the FBI or the Department of Homeland Security. It's in India

5 Bitcoin Projects That Could Make Payments Far More Anonymous (Wired) Some believe that bitcoin's anonymous properties are a bug, not a feature. This past January, New York financial regulator Benjamin Lawsky called for a crackdown on software that anonymizes transactions in the online digital currency, saying it will merely help criminals evade law enforcement. And one of the currency's biggest supporters, venture capitalist Marc Andreessen, believes bitcoin will truly thrive only after it shrugs off anonymity protections

Academia

How to get STEM students to 'poke the universe' again (eSchool News) Schools, corporations attempt to spur interest in STEM through project-based learning

Going Back To (Cyber) School (Forbes) Academia is acquiring an interest in cyber education on many fronts. Not likely to crank out cyber warriors at anywhere close to the rate needed to meet current demand, they are nonetheless anxious to participate in a real trend

DOD Center pioneers first-ever strategic cyber course (DVIDS) Cyber policy, strategy development, Internet governance and a host of other top-level issues surrounding the cyber domain will get their own program at the George C. Marshall European Center for Security Studies starting in December

Legislation, Policy, and Regulation

Merkel not ready to say trust restored after NSA spying affair (Oman Daily Observer) Chancellor Angela Merkel made it clear in Washington that Germany has not yet forgotten last year's revelations of National Security Agency (NSA) spying. Asked in a press conference whether she felt trust had been restored in the wake of the affair, Merkel said: "I think the whole debate…has shown that the situation is such that we have a few difficulties yet to overcome"

Congress revives cyber legislation (Federal Times) Lawmakers on Capitol Hill consistently failed over the past two years to pass cybersecurity legislation, but that won't stop them from trying again: The latest round of proposed cyber laws emerged earlier this week from the Senate Intelligence Committee

Rep. Justin Amash reportedly threatens to amend defense spending bill, derail NSA spying programs (MLive) U.S. Rep. Justin Amash warns he's considering attaching an amendment to an authorization bill should the National Security Agency continue collecting bulk phone records, according to a recent report

Congress should help DHS and DoD guard against domestic cyber attack (The Hill) The United States Government must rethink its domestic cyber defense strategy. Even though the Departments of Homeland Security (DHS) and Defense (DOD) have the nominal lead in defending America from cyber-attack, no federal agency has been tasked to protect key infrastructure during a significant cyber incident. Treating cyber disasters far differently from physical ones is a mistake because it deprives the country of a powerful resource, the National Guard. The upcoming National Defense Authorization Act (NDAA) is the perfect opportunity to remedy this situation

In Surveillance Debate, White House Turns Its Focus to Silicon Valley (New York Times) Nearly a year after the first disclosures about the National Security Agency's surveillance practices at home and abroad, the agency is emerging with mandates to make only modest changes: some new limits on what kind of data about Americans it can hold, and White House oversight of which foreign leaders' cellphones it can tap and when it can conduct cyberoperations against adversaries'

Reforming the NSA: How to Spy After Snowden (Foreign Affairs) The long-running debate over the tradeoffs the United States should make between national security and civil liberties flared up spectacularly last summer, when Edward Snowden, a National Security Agency contractor, handed journalists a huge trove of heavily classified documents that exposed, in excruciating detail, electronic surveillance programs and other operations carried out by the NSA

Exclusive: Meet the Fed's First Line of Defense Against Cyber Attacks (Foreign Policy) Inside the secret Fed cybersecurity unit keeping trillions of dollars safe from hackers

Homeland Security Targets Cybersecurity Upgrades (InformationWeek) Department of Homeland Security agencies must balance computer and communications network improvements slated for the next 12 months with tight budgets

Litigation, Investigation, and Law Enforcement

Why Ignoring the NIST Framework Could Cost You (Huffington Post) Last week, the much anticipated (at least in the, let's face it, relatively small and quirky circles that pay attention to this stuff) NETmundial meeting on the future of Internet governance wrapped up in Brazil

Tech firms increasingly notify users of secret data demands (Washington Post via Philly.com) Major U.S. technology companies have largely ended the practice of quietly complying with investigators' demands for e-mail records and other online data, saying that users have a right to know in advance when their information is targeted for government seizure

Silicon Valley defies subpoena secrecy requests, but national security gag orders remain (ZDNet) Apple, Facebook, Google, Microsoft and Yahoo have begun disclosing to users that authorities have asked for their data, defying government requests that they not do so

China cracks 'military spy ring' run by unnamed foreign country (International Business Times) China has said it has busted a military spy ring run by 40 people for an unnamed foreign country and has sentenced one of the leakers to jail for ten years

CELAC Condemns Illegal Use Of IT Against Cuba; IAPA Protest Cyber Attack On Panama TV (Bernama) The Community of Latin American and Caribbean States (CELAC) condemned the illegal use of information and communication technologies against its member states in the case of the recent anti-Cuba social media platform known as Zunzuneo

Terrorism case defense wants surveillance records (Bradenton Herald) Attorneys for a Chicago terrorism suspect are urging a federal appeals court to uphold a trial judge's decision to grant defense lawyers unprecedented access to secret intelligence-court records

High school senior charged with hacking report card system (Ars Technica) Student allegedly gained illegal access to change grades for him and four others

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

STEM Café (Geneva, Illinois, USA, May 6, 2014) At the next STEM Café, Raimund Ege, associate professor in NIU's Department of Computer Science, will lead a lively discussion on how computer crime affects our everyday lives and what we can do to protect...

cybergamut Technical Tuesday: Malware Reverse Engineering (Columbia, Maryland, USA, May 6, 2014) An introduction to the tools, workflows, and tricks of the trade to attack sophisticated malware by Dale Robson of CyberPoint. Industry standard cyber security products do a good job in blocking and defending...

Kirtland AFB — Cyber Security Seminar & Information Technology Expo (Albuquerque, New Mexico, USA, May 7, 2014) Join FBC and the Armed Forces Communications & Electronics Association (AFCEA)-Albuquerque Chapter for the Cyber Security Seminar & Information Technology Expo set to take place at Kirtland Air Force Base.

US Secret Service Cybersecurity Awareness Day (Washington, DC, May 8, 2014) This Cybersecurity event will be the first of its kind at the USSS. There will be 2-3 opportunities for participating companies to present a 1/2 hour presentation on a Cybersecurity topic of concern to...

SANS Security West (, January 1, 1970) SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information...

HackMiami 2014 (Miami Beach, Florida, USA, May 9 - 11, 2014) The HackMiami 2014 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools,...

Eurocrypt 2014 (, January 1, 1970) Eurocrypt 2014 is the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. It is devoted to all aspects of cryptology.

ISPEC 2014 (Fujian, China, May 12 - 14, 2014) The ISPEC conference series is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and...

CyberWest (Phoenix, Arizona, USA, May 13 - 14, 2014) Cyber threats affect all industry sectors and impact individuals, businesses and governments. From hacktivists to advanced persistent threats, conducting business on-line exposes individuals, corporations...

GovSec 2014 (Washington, DC, USA, May 13 - 14, 2014) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of...

Cyber Security for National Defense Symposium (, January 1, 1970) DSI's Cyber Security for National Defense Symposium is designed as an educational and training "Town Hall" forum, where thought leaders and key policy-makers across military and civilian organizations...

FOSE Conference (Washington, DC, USA, May 13 - 15, 2014) Spend 1 day or 3 days at the FOSE conference and leave with actionable information, covering a broad spectrum of trending topics including: Cybersecurity, Cloud and Virtualization, Mobile Government,...

INFILTRATE (, January 1, 1970) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot...

Security BSides Denver 2014 (Denver, Colorado, USA, May 16, 2014) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...

Security Start-up Speed Lunch NYC (New York, New York, USA, May 19, 2014) Our goal for this inaugural event is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare,...

CEIC 2014 (Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions...

The Device Developers' Conference: Bristol (Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

Mobile Network Security in Europe (London, England, UK, May 21, 2014) Following on from two successful events in the United States, this first Light Reading conference on Mobile Network Security in Europe will again focus on the key role of the network in safeguarding the...

Positive Hack Days (, January 1, 1970) Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright...

Georgetown Law: Cybersecurity Law Institute (, January 1, 1970) A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels...

NSA Mobile Technology Forum (MTF) 2014 (, January 1, 1970) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia,...

CyberMontgomery Forum: Center of Gravity (Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

The Device Developers' Conference: Cambridge (Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

Fort Meade Technology Expo (, January 1, 1970) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...

CANSEC (, January 1, 1970) CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display.

Hack in The Box Security Conference (HITBSecConf) Amsterdam (, January 1, 1970) HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.