skip navigation

More signal. Less noise.

Daily briefing.

Colombia's President Santos, reports say, has had his emails hacked. FARC, or at least FARC sympathizers, are suspected. Their apparent goal is intelligence on continuing peace negotiations between FARC and the government.

Indonesian cyber vandals deface sites belonging to Yemen's Ministry of Human Rights and several United Nations organizations. The motive seems nothing more than counting coup.

KnowBe4 reports a new strain of ransomware in the wild: CryptorBit (a.k.a. HowDecrypt). It appears to bypass group policy settings designed to fend off ransomware; it also installs a cryptocurrency miner on infected machines.

Apple acknowledges an iOS email attachment encryption flaw.

StubHub's ability to sell World Cup tickets bogs down as a denial-of-service attack shuts down its Brazilian operations.

DropBox issues a patch to close a security hole that has, researchers claim, been known since last November.

New reports detail financial sector cyber security trends. The Anti-Phishing Working Group says cyber criminals' optempo is up. Cybergangs now change targeted brands more quickly, looking for newly popular companies with weak defenses and vulnerable user bases.

Mergers and acquisitions lead industry news. FireEye is buying enterprise forensics shop nPulse Technologies, and Endgame makes its first acquisition, Onyxware, seen as a BYOD security play. IBM's predictive and preventive cyber security solutions continue to attract attention.

SHA-2's displacement of SHA-1 is moving faster, thanks to Heartbleed.

In the US, legislation to restrict electronic surveillance is moving through the House, prospects boosted by new support from leading NSA supporters. The bill would restrict telecommunications metadata mass collection.

Notes.

Today's issue includes events affecting Argentina, Brazil, Canada, China, Colombia, Estonia, Georgia, India, Indonesia, Iran, Latvia, Moldova, Pakistan, Russia, Saudi Arabia, Ukraine, United Kingdom, United States, Yemen, and Zimbabwe..

Cyber Attacks, Threats, and Vulnerabilities

Colombian President Target of Cyber-Spy Operation, Emails Hacked (Hispanically Speaking News) Investigators discovered a clandestine cyber-espionage operation targeting the government's negotiations with leftist guerrillas, Colombia's attorney general said Tuesday, adding that the spies apparently intercepted President Juan Manuel Santos' e-mails

Yemen's Ministry of Human Rights and United Nations Domains Hacked by Indonesian Hackers (HackRead) A group of Indonesian hackers going with the handle of Gantengers Crew have hacked and defaced the official website of Yemen's Ministry of Human Rights, United Nations Development Programme (UNDP), United Nations and United Nations Volunteers. All websites were hacked about an hour ago, left with a deface page along with a message which doesn't explain why the

KnowBe4 Warns: Third Ransomware Strain Called CryptorBit Attacks (PRWeb) The crypto malware evolution moves on full speed ahead with new variant — adding a third cyber gang effort to rake in high stakes

Apple admits flaw in email attachment encryption on iPhones and iPads (Naked Security) Apple is under pressure to patch a security flaw in iOS 7, after researcher Andreas Kurtz published his discovery that email attachments are unencrypted on iPhones and iPads, and can be accessed by an attacker using "well-known techniques"

DIY cybercrime-friendly (legitimate) APK injecting/decompiling app spotted in the wild (Webroot Threat Blog) With millions of Android users continuing to acquire new apps through Google Play, cybercriminals continue looking for efficient and profitable ways to infiltrate Android's marketplace using a variety of TTPs (tactics, techniques and procedures). Largely relying on the ubiquitous for the cybercrime ecosystem, affiliate network based revenue sharing scheme, segmented cybercrime-friendly underground traffic exchanges, as well as mass and efficient compromise of legitimate Web sites, for the purpose of hijacking legitimate traffic, the market segment for Android malware continues flourishing

New DNS Spoofing Technique: Why we haven't covered it. (Internet Storm Center) The last couple of days, a lot of readers sent us links to articles proclaiming yet another new flaw in DNS. "Critical Vulnerability in BIND Software Puts DNS Protocol Security At Risk" claimed one article, going forward to state: "The students have found a way to compel DNS servers to connect with a specific server controlled by the attacker that could respond with a false IP address"

Sneaky Windows Folder Poisoning Attack Steals Access Rights (Dark Reading) Windows challenge-response authentication protocol could be abused by PC hackers to easily access wider corporate networks

Deactivated User Accounts Die Hard (Dark Reading) New research finds deleted Windows accounts stick around for up to 10 hours and are open to abuse

How Turning Off Geotagging On Your iPhone Could Save a Rhino's Life (Intego) Do you think fears about geotagged photographs are overblown? Well, maybe a tweet made today by my friend, Professor Alan Woodward of the University of Surrey, will change your opinion

Dropbox told about vulnerability in November 2013, only fixed it when the media showed interest (Graham Cluley) Earlier today I reported how users of file sync and share services like Dropbox and Box.com could have their sensitive information exposed to Google advertisers

StubHub's World Cup ticket sales in Brazil interrupted by cyber attack (Los Angeles Times) StubHub, the online event tickets vendor owned by Ebay, suffered a large denial-of-service attack which led to the shutdown of its website in Brazil, just as it was poised to serve as a marketplace for tickets to the country's upcoming World Cup

DrawQuest Shut Down After Hackers Gain Access to Amazon Servers (Softpedia) DrawQuest — the free drawing community for iPhone, iPad and iPod touch — has been shut down. The decision comes after malicious hackers breached the Amazon servers used by the company

Malware Exposes Boomerang Tags Customers' Payment Card Data (eSecurity Planet) Customers' names, addresses, payment card numbers, expiration dates and security codes were exposed

The Non-Advanced Persistent Threat (Imperva) Advanced Persistent Threat (APT) is a name given to attacks that specifically and persistently target an entity. The security community views this type of attack as a complex, sophisticated cyber-attack that can last months or even years. The skill and scope required to instigate an attack of this magnitude and sophistication are believed to be beyond the reach of individual hackers. Therefore, APT is generally attributed to governments, hacktivists, and cyber criminals

Hacktivism: good or evil? (ComputerWeekly) Wikipedia is always a good source of definitions for technology-related issues. It defines hacktivism as "the use of computers and computer networks to promote political ends, chiefly free speech, human rights, and information ethics". As with any technology, "hacking" and therefore hacktivism can be a force for good or evil

Security Patches, Mitigations, and Software Updates

Dropbox finally fixes security vulnerability (ComputerWeekly) Cloud-based file syncing and sharing service Dropbox has taken steps to fix a security vulnerability, but only after media attention to the issue

Ruby on Rails security update available (CSO) Ruby on Rails has released their newest version of their software

Cyber Trends

Report on Cyber Security in the Banking Sector (New York State Department of Financial Services) Cyber attacks against financial services institutions are becoming more frequent, more sophisticated, and more widespread. Although large-scale denial-of-services attacks against major financial institutions generate the most headlines, community and regional banks, credit unions, money transmitters, and third-party service providers (such as credit card and payment processors) have experienced attempted breaches in recent years

Security Trends In The Financial Services (CloudTweaks) Readers who subscribe to our newsletter will have already read Fridays news about Microsoft's latest report into key security trends in financial services. The report is part of a series which looks at security trends in cloud computing across four specific industries — financial services, healthcare, retail, and public sector

Cybergangs accelerating velocity of targeted brand development (Help Net Security) Cybercrime gangs are accelerating their substitution of targeted brands at an alarming new pace, according to a new APWG report

On security reports and weather forecasts (NetworkWorld) Do you need someone to tell you it's raining?

So what is the fuss about the 'Death of AV'? (Kaspersky Lab Business) So, you may have heard that antivirus has been pronounced dead — again

Marketplace

FireEye Enters Agreement to Acquire nPulse Technologies (MarketWatch) Combination creates industry's first solution to deliver enterprise forensics from the endpoint to the network, providing visibility across the entire attack life cycle and accelerating threat response and remediation

Endgame's First Acquisition Takes It Beyond Cyber Weapons (Bloomberg BusinessWeek) Endgame, once a secretive supplier of cyber weapons to yet more secretive government agencies, has made its first acquisition, aiming to help public- and private-sector clients better protect mobile devices used by employees

Do Proofpoint's Earnings Mean Anything for Cybersecurity? (Motley Fool) Proofpoint (NASDAQ: PFPT) shares soared after the cloud data protection software provider reported better-than-expected earnings. However, it's worth noting that shares of security stocks have been badly beaten, and had continued to trend lower prior to Proofpoint's report

Akamai's Solid Q1 Performance Offset By Near-Term Margin Concerns (Trefis) Akamai (NASDAQ:AKAM) recently announced a strong set of Q1 results, beating the high end of its guidance on both revenues and earnings. The company generated revenues of $454 million in the first quarter, about 23% higher than the prior-year quarter when adjusted for the ADS divestment and the recent acquisition of Prolexic

Google execs cozily in bed with the NSA before Snowden leak: report (Times LIVE) Email correspondence between Google executives and the National Security Agency (NSA) reveal that the tech giant had a closer relationship with the US government then they have been letting on

Dell Turns 30: Where To Next? (InformationWeek) Dell celebrates its 30th birthday while working to reinvent itself for the cloud era. What do you want most from Dell now?

Bitdefender, Point Service Mobiles sign distribution deal (Telecompaper) Antivirus software publisher Bitdefender has signed an agreement with French mobile phone and tablet repair chain Point Service Mobiles have signed a distribution agreement for Bitdefender Mobile Security for Android

Distil opens Raleigh office (Raleigh News Observer) The founders of Distil Networks, a small but fast-growing Internet security software firm based in Arlington, Va., have returned to their North Carolina roots by opening an office in the Triangle

Don't let hackers know Mandiant founder checks his email on an iPad. Oh. (The Register) Mandia prefers face-to-face natter to avoid piles of spyware booby-traps

AVG Appoints Ronan Dunne to Supervisory Board (MarketWatch) CEO of Telefonica UK (O2) joins AVG as Independent Director

DRC Vet Louis Chabot Joins ManTech as Cyber Group VP, Technical Architect (GovConWire) Louis Chabot, formerly a data scientist at Dynamics Research Corp., has joined ManTech International (NASDAQ: MANT) has vice president and technical architect for the mission, cyber and intelligence solutions group

Products, Services, and Solutions

IBM's New Cybersecurity Plan: Find Bad Guys Before They Steal (Wall Street Journal) Protecting a company from data theft traditionally involves setting up a secure perimeter. But with computer crime growing in recent years, International Business Machines has a new approach: spotting threats before the crown jewels are stolen

Varonis Unveils DatAnswers, Bringing Secure Enterprise Search of Human-Generated Data Files to Employees (Broadway World) Varonis Systems, Inc. (NASDAQ: VRNS), the leading provider of software solutions for unstructured, human-generated enterprise data, today introduced DatAnswers, bringing secure, user-friendly enterprise search of human-generated data such as presentations, spreadsheets and documents

AVG launches management platform for MSP channel (ARN) Managed Workplace intended to boost partner productivity and reduce cost in managing SMB customers

Fortinet Strengthens Cloud Security Offering: Supports VPN Access to Microsoft's Azure Cloud Platform (MarketWatch) Fortinet now provides industry's broadest secure access to cloud environments

5 SQL Server 2014 Security Enhancements (SQL Magazine) SQL Server 2014 continues the Microsoft commitment to excellence in security. According to the National Institute of Standards and Technology (NIST) public security board, SQL Server reportedly has the lowest number of security vulnerabilities across major database vendors

Splunk Introduces Hunk 6.1 (MarketWatch) Organizations around the world turning to Hunk for easier and faster analytics for Hadoop and NoSQL data stores

'Moves' fitness app races to change privacy policy after Facebook acquisition (Naked Security) Remember how Bill Clinton told a grand jury he wasn't lying about his relations with Monica Lewinsky because it all boils down to what the meaning of "is" is?

Snowden's Beloved Tails OS Reaches v1.0 Milestone (Linux Insider) The volunteers who developed Tails, the open source operating system used by whistleblower Edward Snowden, this week released v1.0

Into malware? Time to play in the Cuckoo Sandbox (CSO) Have a taste for tearing apart malware? Then you have probably played with Cuckoo Sandbox. If not, it is really time to take a poke at it

Cryptol Version 2 Released (I Programmer) An open source version of Cryptol has been released. The language is designed specifically for cryptography, and while this is the first public version, the language has been under development and in use for almost 15 years

CACI Digital Forensics Lab Receives American Society of Crime Laboratory Directors Accreditation (Wall Street Journal) CACI International Inc (NYSE:CACI) announced today that its CACI Digital Forensics Laboratory (CDFL), a full-service computer and audio forensics facility located in Alexandria, Va., has been accredited by the American Society of Crime Laboratory Directors/Laboratory Accreditation Board (ASCLD/LAB)-International. This independent and impartial accreditation demonstrates that CACI's lab, which is part of the capabilities the company offers in its Investigation & Litigation Support market, meets or exceeds established testing and calibration requirements as well as industry digital forensic standards

Technologies, Techniques, and Standards

SHA-2 takes off, thanks to Heartbleed (ZDNet) Industry and standards bodies had announced the transition from SHA-1 hashes to SHA-2 in certificates some time ago, but adoption was weak. Now Heartbleed has created an opportunity to jumpstart the transition

The attack that keeps on giving (SC Magazine) Once again the importance of sound key management has been brought into sharp focus. The Heartbleed bug found in OpenSSL, one of the most common means of encrypting data on the internet and internal networks, provides a way for attackers to potentially access private keys

The State of Cryptography in 2014, Part 1: On Fragility and Heartbleed (TrendLabs Security Intelligence Blog) It seems like cryptography has been taking a knock recently. This is both good and bad, but is not actually true: cryptography is always under attack, and for that reason constantly evolves. That's bad, but it's good to realize that cryptography needs constant attention. The threat to cryptography can be very disruptive, as we most recently saw with Heartbleed, and more distantly with 'issues' in various algorithms like RC4, MD5, SHA1 and Dual_EC_DRBG (all of which should not be used any more, by the way)

IETF drops RSA key transport from SSL (The Inquirer) Adopts different vehicles for Transport Layer Security

Cyber Counterintelligence: from Theory to Practice (Tripwire: the State of Security) In the previous article, Cyber Intelligence Collection Operations, the types of collection and the types of data that could be obtained were discussed. At the end of the discussion I pointed out that analysts must be critical of the data they evaluate as at any time it could be compromised

Embedding positive security behaviors is essential (Help Net Security) Organizations have spent millions over recent decades on information security awareness activities. The rationale behind this approach was to take their biggest asset — people — and change their behaviors, thus reducing risk by providing them with knowledge of their responsibilities and what they need to do

Password management done right (Help Net Security) David Sancho, senior threat researcher with Trend Micro, has recently written a short but good post in which he pointed out the reasons why despite their inherent insecurity, passwords are here to stay

Don't let the latest zero-day fool you (InfoWorld) The Internet Explorer exploit patched by Microsoft last week was serious stuff, but, if you're prioritizing holes to plug, browser vulnerabilities shouldn't be first on the list

Design and Innovation

What Google's King of Crazy Ideas Wants to Take On Next (Wired) As head of Google X, the search giant's so-called "moonshot factory," Astro Teller gets to think about big, hairy world issues for a living. He's the driving force behind Google's self-driving cars. He's leading the way on glucose-monitoring contact lenses for diabetics. He has tried — and failed — to bring us jet packs that are actually safe. And yes, for better or worse, he brought us Google Glass

Research and Development

Is that Twitter account a bot? Researchers make app to find out (CSO) The app looks at public Twitter data to identify phony accounts

Academia

Sorry State of IT Education: Readers Propose Fixes (InformationWeek) How should IT education be salvaged? In part 2 of this series, we share readers' ideas about what colleges, employers, and employees themselves must do

Legislation, Policy, and Regulation

How Putin Is Reinventing Warfare (Foreign Policy) Though some deride Russia for backward thinking, Putin's strategy in Ukraine betrays a nuanced understanding of 21st century geopolitics

House panel voting to end NSA bulk phone metadata program (Ars Technica) Proposal would require NSA to get approval from FISC to access records from telcos. A House panel is expected to vote on a proposal Wednesday ending the National Security Agency's bulk telephone metadata collection program

Hard-Hitting NSA Reform Bill Starts Moving Through Congress (Daily Caller) The most significant National Security Agency legislative overhaul, the USA Freedom Act, saw fresh movement toward a vote in Congress Monday after more than six months of delay since it was introduced last year

Key NSA Defender: Congress 'A Lot Closer' On Surveillance Reform (Foreign Policy) In a dramatic change of tone, Rep. Mike Rogers, the chairman of the House Intelligence Committee, praised a bill in the House Judiciary Committee that would sharply curb the National Security Agency's surveillance powers. His remarks suggest that the powerful lawmaker may be more willing to vote for tougher reforms than previously anticipated

DNI Announces the Release of Additional Documents Related to Collection Activities Authorized by President George W. Bush Shortly After the Attacks of Sept. 11 (IC on the Record) Yesterday the Director of National Intelligence released additional documents related to the intelligence-gathering activities authorized by President George W. Bush shortly after the attacks of Sept. 11 and subsequently transitioned to authority of the Foreign Intelligence Surveillance Act

McCain: Young People Angry about NSA Spying Have Forgotten 9/11 (HackRead) Sen. John McCain is known for his soft corner for the NSA and its surveillance project but his recent claim may upset many

White House Big Data Report Earns Praise, Skepticism (InformationWeek) Tech experts say the administration is wise to call for statutory protections for data in the cloud. But some advocacy groups say overregulation will have a chilling effect on innovation

Director of the National Security Agency: Who Is Michael Rogers? (AllGov) Admiral Michael S. Rogers took over April 2, 2014, as director of the National Security Agency (NSA) and head of the U.S. Cyber Command. In that role, Rogers will direct communications and data gathering and decoding. Rogers took charge of the agency as it was trying to recover from allegations of spying on Americans and foreign officials and the Edward Snowden revelations

Sending cyber sense down the Navy chain of command (FCW) Vice Adm. Jan E. Tighe, commander of U.S. Fleet Cyber Command, says the Navy brass has a good handle on the need for cyber defense, but the lower ranks need to be brought up to speed. The U.S. Navy is undergoing a "cultural shift" toward seeing computer networks for the battlefields they are, but some of that education has yet to trickle down to the rank and file, its top cyber commander said May 6

Former Unisys CIO Kevin Kern Joins ICE as CIO (ExecutiveGov) Kevin Kern, formerly senior vice president and chief information officer at Unisys, has been named CIO for the Department of Homeland Security's Immigration and Customs Enforcement agency

Litigation, Investigation, and Law Enforcement

Rep. Lamar Smith Seeks 'Full, Thorough' Review of Healthcare.gov Security (ExecutiveGov) Some lawmakers have called on the Government Accountability Office to review Healthcare.gov's security features with the goal of ensuring identifiable information is not at risk of being hacked or stolen

In his words: How a whitehat hacked a university and became an FBI target (Ars Technica) David Helkowski set out to be a whistle-blower; he now faces the feds and unemployment

Examiner Editorial: Obama's chief science adviser must explain secret emails (Washington Examiner) White House Office of Science and Technology Policy Director John Holdren or somebody on his staff would have been well-advised to heed Sir Walter Scott's poetic warning: "What a tangled web we weave when first we practice to deceive." As a result, the Competitive Enterprise Institute filed suit in a federal court Monday claiming Holdren violated federal law and regulation by doing something he specifically advised employees not to do. That something was using a private email account to conduct official government business

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Ruxcon (Melbourne, Australia, October 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...

Kirtland AFB - Cyber Security Seminar & Information Technology Expo (Albuquerque, New Mexico, USA, May 7, 2014) Join FBC and the Armed Forces Communications & Electronics Association (AFCEA) - Albuquerque Chapter for the Cyber Security Seminar & Information Technology Expo set to take place at Kirtland Air Force...

US Secret Service Cybersecurity Awareness Day (Washington, DC, May 8, 2014) This Cybersecurity event will be the first of its kind at the USSS. There will be 2-3 opportunities for participating companies to present a 1/2 hour presentation on a Cybersecurity topic of concern to...

SANS Security West (, January 1, 1970) SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information...

Eurocrypt 2014 (, January 1, 1970) Eurocrypt 2014 is the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. It is devoted to all aspects of cryptology.

ISPEC 2014 (Fujian, China, May 12 - 14, 2014) The ISPEC conference series is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and...

GovSec 2014 (Washington, DC, USA, May 13 - 14, 2014) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of...

Cyber Security for National Defense Symposium (, January 1, 1970) DSI's Cyber Security for National Defense Symposium is designed as an educational and training "Town Hall" forum, where thought leaders and key policy-makers across military and civilian organizations...

CyberWest (Phoenix, Arizona, USA, May 13 - 14, 2014) Cyber threats affect all industry sectors and impact individuals, businesses and governments. From hacktivists to advanced persistent threats, conducting business on-line exposes individuals, corporations...

Fraud Summit (Chicago, Illinois, USA, May 14, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...

INFILTRATE (, January 1, 1970) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot...

Security BSides Denver 2014 (Denver, Colorado, USA, May 16, 2014) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...

Security Start-up Speed Lunch NYC (New York, New York, USA, May 19, 2014) Our goal for this inaugural event is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare,...

CEIC 2014 (Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions...

The Device Developers' Conference: Bristol (Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

Mobile Network Security in Europe (London, England, UK, May 21, 2014) Following on from two successful events in the United States, this first Light Reading conference on Mobile Network Security in Europe will again focus on the key role of the network in safeguarding the...

Positive Hack Days (, January 1, 1970) Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright...

Georgetown Law: Cybersecurity Law Institute (, January 1, 1970) A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels...

NSA Mobile Technology Forum (MTF) 2014 (, January 1, 1970) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia,...

CyberMontgomery Forum: Center of Gravity (Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

The Device Developers' Conference: Cambridge (Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

Fort Meade Technology Expo (, January 1, 1970) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...

3 Day Startup (San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed...

CANSEC (, January 1, 1970) CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display.

Hack in The Box Security Conference (HITBSecConf) Amsterdam (, January 1, 1970) HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.