skip navigation

More signal. Less noise.

Daily briefing.

Cyber-snooping on FARC talks will be resolved in Colombia's courts even as it roils the presidential election.

Chinese security organs accuse an "unnamed foreign country" (but they're looking at you, America) of actively recruiting students as agents. Quartz describes how Millennials in both countries are peculiarly vulnerable to this old-yet-new form of social engineering.

Recorded Future begins a series on how al Qaeda is muffling its digital exhaust post-Snowden. (Compare British MP Rifkind's assessment: Snowden's leaks were tantamount to an attack on the US.)

Sysadmins were warned this week against compromise by sparrows and ravens, but some of them need no such inducement. A former US Navy sailor—sysadmin on USS Harry S Truman—is charged with having led the anti-military hacktivist crew "Team Digi7al" from his spaces aboard the warship. Apparently he did it for the lulz.

The upcoming FIFA World Cup opens vast opportunities for phishing and waterholing.

Analysts point to the rapid evolution of malware, the large tribe of cyber attackers, and potential targets' burgeoning attack surface as more evidence that greater automation is required for effective defense. They also note the simultaneous difficulty and indispensability of threat intelligence: if it's not timely and well-structured, it's just so much glare.

A great deal of industry news focuses on investors' views of companies in the sector. Those views aren't uninformed, but they represent an unfamiliar perspective. Entrepreneurs might consider investors (stock buyers, not VCs) a low-information audience.

Welcome to the industry, Keith Alexander, now a cyber security consultant.

Notes.

Today's issue includes events affecting Australia, Brazil, China, Colombia, Iran, Saudi Arabia, Switzerland, Thailand, Turkey, United Kingdom, United States..

Cyber Attacks, Threats, and Vulnerabilities

Dirty tricks take over Colombian campaign (Buenos Aires Herald) Discovery of intel centre linked to Santos' rival comes just one day after aide's resignation. With presidential elections in Colombia just around the corner and the outcome still unclear, the main candidates' campaign teams have started resorting to dirty tricks

Man Accused of Cyber Spying on Colombian Government to Remain in Custody (Latino Daily News) A man arrested for conducting a clandestine cyber-espionage operation targeting the Colombian government's negotiations with leftist guerrillas will remain in custody pending trial, a judge ordered Wednesday

Foreign spies lure Chinese students (China.org.cn) China's security department has discovered overseas intelligence agencies are using the Internet and money to lure Chinese students to steal state secrets

China and the US are racing to turn poor, naive Millennials into spies (Quartz) Chinese state media are accusing an "unnamed foreign country" of recruiting spies at Chinese universities and through popular blogs and social media. This week, a series of news reports claim that unsuspecting Chinese, some of them as young as 16 years old, are being lured into working for foreign intelligence agents

How Al-Qaeda Uses Crypto Post-Snowden (Part 1) (Recorded Future) Since 2007, Al-Qaeda's use of encryption technology has been based on the Mujahideen Secrets platform which has developed to include support for mobile, instant messaging, and Macs. Following the June 2013 Edward Snowden leaks we observe an increased pace of innovation, specifically new competing jihadist platforms and three (3) major new encryption tools from three (3) different organizations — GIMF, Al-Fajr Technical Committee, and ISIS — within a three to five-month time frame of the leaks

Threats Get a Kick Out of 2014 FIFA World Cup Brazil Buzz (TrendLabs Security Intelligence Blog) Cybercriminals are well-versed in preying upon anyone curious about world events. Case in point: the upcoming 2014 FIFA World Cup in Brazil. While the world is waiting for this, cybercriminals are not wasting time and are now launching new threats that turn global followers into victims

Sefnit Accomplices Account For Spike In Malware Infections (Threatpost) Plenty has been written about the Sefnit malware family and its favor with using Tor to mask communication, as well as the money it's made for criminals via click-fraud schemes. Sefnit, however, has had a pair of accomplices that until recently were regarded as harmless programs by most security companies. The trio, which now includes two malware families Rotbrow and Brantall, are responsible for a startling jump in malware infections detected in the fourth quarter of last year, according to Microsoft

SNMP: The next big thing in DDoS Attacks? (Internet Storm Center) It started with DNS: Simple short DNS queries are easily spoofed and the replies can be much larger then the request, leading to an amplification of the attack by orders of magnitude. Next came NTP. Same game, different actors: NTP's "monlist" feature allows for small requests (again: UDP, so trivially spoofed) and large responses

Address bar tweak in early Chrome beta puts even savvy users at risk (Ars Technica) Bug allows attackers to hide addresses used to phish passwords or push malware

The prime target for malicious emails (Help Net Security) In the first quarter of 2014 spammers started imitating messages from mobile applications. They especially like the popular mobile messengers — WhatsApp, Viber and Google Hangouts. Notifications supposedly sent from these applications were used to spread both malware and harmless adverts

New iPhone lock screen flaw gives hackers full access to contact list data (ZDNet) iPhone users are vulnerable to a lock-screen flaw that allows a hands-on hacker to gain full access to a user's contacts list

Four weeks on, huge swaths of the Internet remain vulnerable to Heartbleed (Ars Technica) Some 300,000 systems remain susceptible to catastrophic exploits, one scan shows

OAuth, OpenID Flaw: 7 Facts (Dark Reading) Authentication-protocol implementation security flaws are not as serious as Heartbleed, but Facebook and other sites must be fixed, say security experts

Orange bitten by data breach, leaks personal data from promotional messaging server (Naked Security) Back in November 2013, telecomms company Orange signed a data protection charter

Bitly breached, gives (shortened) details to customers on blog (Naked Security) Popular URL shortener Bitly is the latest cloud service to say, "Er, looks like crooks have been wandering around in our network"

Mystery surrounds Bitly's urgent security warning following security breach (We Live Security) If you have an account with the URL-shortening service Bitly you should read the "urgent security update" they have just published

WooThemes hacked. Premium WordPress theme manufacturer warns of credit card leak (Hot for Security) There's potentially some rather bad news today if you are a customer of WooThemes, the popular WordPress theme manufacturer

Ground(ctrl) Hacked (eSecurityPlanet) Users' e-mail addresses, passwords, and the last four digits and expiration dates of their credit cards may have been accessed

Data Breach at Vendor Exposes DeKalb Health Patient Information (eSecurityPlanet) More than 1,300 people's information may have been accessed

UMass Memorial Medical Center Admits Insider Breach (eSecurityPlanet) 2,400 patients' names, birthdates, addresses and Social Security numbers may have been accessed

Check Point: 'Unknown malware' hits enterprise nets 53 times a day (NetworkWorld) Check Point's annual security report says attackers are automating 'unknown malware' generation

1 In 10 US Smartphone Users Victims of Theft (Dark Reading) And 10 percent of smartphone loss and theft victims lose confidential business information with their stolen devices

Security Patches, Mitigations, and Software Updates

Cisco Releases Security Advisory for WebEx Players (US-CERT) Cisco has released a security advisory to address multiple buffer overflow vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players. Successful exploitation of the vulnerabilities could cause an affected player to crash or allow a remote attacker to execute arbitrary code

No Windows XP, Office 2003 patches in May Patch Tuesday (ZDNet) The company will release eight bulletins, two of them critical, and five for Microsoft Windows. Windows XP is not scheduled to receive an update, nor is Office 2003 scheduled to receive either of the two Office updates

Adobe to release Acrobat/Reader update Tuesday (ZDNet) At least one critical vulnerability affecting supported versions of both Adobe Reader and Acrobat on both Mac and Windows will be patched next week

Anti-phishing in Google Chrome a shaky work in progress (CSO) Google's experimenting with anti-phishing in Chrome shows little progress in closing the gap with Microsoft's Internet Explorer

Cyber Trends

In the digital ocean, predators outnumber protectors (CSO) The Internet of Things offers almost magical convenience. But without better 'digital literacy,' it will be like swimming with sharks, says Josh Corman

Why Threat Intelligence Is Like Teenage Sex (Dark Reading) Everyone thinks everyone else is doing it, and most of the few people who are actually doing it aren't doing it all that well

Saudi Aramco Cyber Attacks a 'wake-up call', Says Former NSA Boss (Infosecurity Magazine) Gen. Keith Alexander warns of threat to CNI systems, but experts question whether 2012 incident was a game changer

CIOs fear compliance and regulation over IT failure to tackle big data (ComputerWeekly) Almost half (46%) of UK organisations are struggling to extract value from information due to current approaches to IT. As many as 87% of CIOs fear that failing to address their untapped intelligence will lead to issues with compliance and regulation, according to a research

Security Think Tank: KuppingerCole's security predictions for 2014 (ComputerWeekly) After the proliferation of Stuxnet, Duqu in 2012 and other Scada-focused attacks in 2013, industrial control system security will become an important topic in 2014, writes Robert Newby. Large-scale processes involving multiple sites over long distances will be increasingly subject to advanced persistent attack

Security Think Tank: ISF's top security threats for 2014 (ComputerWeekly) The top security threats global businesses will face in 2014 include bring your own device (BYOD) trends in the workplace, data privacy in the cloud, brand reputational damage, privacy and regulation, cyber crime and the continued expansion of ever-present technology

Network perimeter security still key despite virtualization shift: Watchguard (CSO) Increased use of virtualization may be driving many businesses to investigate internally focused data protection solutions, but customer appetite for hardware-based perimeter controls shows no sign of slowing, according to one solutions provider

Cloud app security exceptions have become the rule, says report (FierceITSecurity ) Cloud app security exceptions have become the rule, putting organizations' security at risk, warns the most recent Netskope Cloud Report. A disturbing 90 percent of cloud app usage is in apps that were blocked at the network perimeter but were granted exceptions, according to the report, which compiles data from Netscape Active Platform users

Microsoft: Deception Dominates Windows Attacks (Dark Reading) Deceptive downloads and ransomware tripled worldwide in Q4 2013, according to the new Microsoft Security Intelligence Report

Small businesses targeted with email-borne exploits (Help Net Security) Even though the data gathered by Microsoft points to the fact that cybercriminals now prefer deceptive tactics to exploits, it does not mean that the latter approach has been wholly abandoned

Growing dynamic in politically-motivated hacktivism (Help Net Security) While financial cybercrime becomes ever more entrenched through a consolidating demand and supply chain, the hacktivist landscape is more turbulent, vacillating constantly in tandem with geo-political turmoil

Chronic Disease Patients' Top Online Privacy Worries (InfomationWeek) Medical data privacy isn't as much of a worry as online banking data privacy for these patients, Accenture study finds

200 mn data records stolen in Jan-Mar 2014 globally: SafeNet (ZeeNews) Data breaches have witnessed a major surge this year with cyber criminals stealing around 200 million data in the first quarter, a whopping 233 per cent rise over the year-ago period, a report by SafeNet said on Wednesday

Marketplace

The Cyber Security Market Is Hot! Here's Why (Dark Reading) A dozen years ago the $3.5 billion security market was dominated by five vendors. Last year, VCs bankrolled 230 startups. My, how things have changed!

Startup Spotlight: Cloud Security Specialist Armor5 (eSecurity Planet) Most mobile security solutions utilize a traditional endpoint management approach, but not the cloud security service provided by startup Armor5

Want to be the next Mandiant and sell your company for $1 billion? Here's how not to do it. (Washington Business Journal) Things ended well for Alexandria-based Mandiant Corp., with a $1 billion acquisition by cybersecurity giant FireEye. But trying to follow too closely in the cyber company's footsteps will probably result in failure

Majority of data breach respondents did not have cyber insurance: Ponemon Institute (Canadian Underwriter) Only one in three companies surveyed by Ponemon Institute LLC have a cyber insurance policy to manage the risk of data breaches, but the average cost per compromised record was US$145, with some respondents reporting more than 100,000 compromised records

Data Breaches: a new source of worry and concern for company heads (AP via Detroit Legal News) Add hackers to the long list of things that give CEOs insomnia

Will Investors Regret Target's CEO Ouster? Compare to Sears, JCP (Forbes) There was much press this week about Target's CEO and Chairman, Gregg Steinhafel, being forced out. Blame reached the top job after the successful cyber attack on Target TGT +0.33% last year. But investors, and customers, may regret this somewhat Board level over-reaction to a mounting global problem

Open Source's Deep-Seated Conflict (InformationWeek) Heartbleed showed that it doesn't matter whether open source projects can patch bugs faster. The real issue is whether they can generate enough revenue to stay alive

Small firms invest big in content security to protect data (FierceITSecurity ) Faced with increasing threats to their data, small businesses are investing heavily in content security products

Firms have wasted millions on faulty IT security awareness programs, says ISF (FierceITSecurity) New training programs should focus on reducing risk rather than checking boxes

The Intelligence Community Needs a New Workforce Model (Nextgov) "Recognizing employees today and meeting unknown requirements for the future, strategic workforce planning is more important now than ever," said said Deborah Kircher, Chief Human Capital Officer for the Office of the National Director of Intelligence

Symantec Sales Forecast Shows Improving Security Demand (Bloomberg) Symantec Corp. (SYMC) is benefiting as hacking attacks fuel higher demand for cyber-security software, while cost cuts are bolstering profits

Symantec's 'Death of Antivirus' Is a Dangerous Marketing Ploy (Tom's Guide via Yahoo! News) Earlier this week, an executive of the antivirus software giant Symantec told a reporter from the Wall Street Journal that his company's core business model "is dead"

Why "AV is dead" is a dead end topic (Trend Micro Simply Security) It seems like not a day goes by without you hearing someone declare that "AV is dead." Most recently we've even seen people in our industry in the news making this claim

New buys for EMC may come in security, big data (PCWorld) EMC may be in the market for security and data analytics acquisitions as it builds out what it calls a federation of businesses among VMware, RSA Security, Pivotal and the company's traditional storage operations

Finjan Holdings To Begin Trading On The NASDAQ Capital Market (MarketWatch) Finjan Holdings, Inc. (otc mkt:FNJN) today announced it has received confirmation that its application to list the Company's common stock on The NASDAQ Capital Market has been approved by The NASDAQ Stock Market, a unit of the NASDAQ OMX Group

Procera Networks Inc Stock Downgraded (PKT) (The Street) Procera Networks (Nasdaq:PKT) has been downgraded by TheStreet Ratings from hold to sell. The company's weaknesses can be seen in multiple areas, such as its disappointing return on equity and generally disappointing historical performance in the stock itself

A**hat of the Year Award: Dave Dewalt, CEO of $FEYE (iBankCoin) I know it's early in the year and there will be plenty of gents worthy of this distinguished award. However, it would be impossible for anyone to steal this guy's thunder inside of the next 7 months of 2014

Ex-NSA chief Keith Alexander seeks post-Snowden second act (Politico) 'This effort is in its exploratory stages, and I look forward to the work ahead.' Former National Security Agency chief Gen. Keith Alexander is launching a consulting firm for financial institutions looking to address cybersecurity threats

Why Splunk Inc. Shares Went Splat Today (Motley Fool) What: Shares of intelligence software specialist Splunk Inc. (NASDAQ: SPLK) dropped nearly 13% early this morning, and then settled to close down around 6% as the broader tech sector pulled back

Doug Merritt Joins Splunk as Senior Vice President, Field Operations (MarketWatch) Tom Schodorf to retire at the end of FY15; Splunk delivers strong Q1 results

FTI Consulting Appoints Thomas Brown and Christopher Tarbell to Bolster its Cyber Security Solutions Offering (Broadway World) FTI Consulting, Inc. (NYSE: FCN), the global business advisory firm dedicated to helping organizations protect and enhance their enterprise value, today announced the appointment of Thomas Brown and Christopher Tarbell in the Company's Global Risk and Investigations Practice

Products, Services, and Solutions

Lockheed Martin Integrates Cyber Security Standards Into Open Source Platform for Automated Sharing (MarketWatch) Lockheed Martin LMT +0.27% announced its successful integration of the latest cyber security standards into an open source software platform

CipherCloud Announces Cloud Discovery Solution Latest Edition to Its Growing Portfolio (Bobsguide) New solution delivers visibility and risk scoring into Enterprise Cloud Application Usage

Technologies, Techniques, and Standards

Automated Traffic Log Analysis: A Must Have for Advanced Threat Protection (SecurityWeek) If there is a silver lining to the series of high-profile targeted attacks that have made headlines over the past several months, it is that more enterprises are losing faith in the "magic bullet" invulnerability of their prevention-based network security defense systems

Net tech bods at IETF mull anti-NSA crypto-key swaps in future SSL (The Register) 'Perfect example of how Snowden has improved our privacy' says professor

Heartbleed, IE Zero Days, Firefox vulnerabilities — What's a System Administrator to do? (Internet Storm Center) With the recent headlines, we've seen heartbleed (which was not exclusive to Linux, but was predominately there), an IE zero day that had folks over-reacting with headlines of "stop using IE", but Firefox and Safari vulnerabilities where not that far back in the news either

Using reputation-based security to mitigate IPv6 security risks (TechTarget) With the gradual switch to IPv6, I've read that attackers will have a basically infinite amount of unique IP addresses from which they will be able to send malicious traffic. Right now, my organization utilizes a reputation-based security system to filter out such traffic from known, malicious IPv4 addresses, but will that be possible once IPv6 uptake is in full swing? How should we change our network security posture to account for this new risk?

Cisco TelePresence vulnerability: Mitigate default credentials issues (TechTarget) A serious vulnerability was recently found in Cisco Systems Inc.'s TelePresence systems that could be triggered due to default credentials being left in place after system setup. Could you provide some security best practices that enterprises could implement for such systems, particularly in regard to the use of unique credentials?

Audit concerns when migrating from traditional firewall to NGFW (TechTarget) My organization is looking to transition from a traditional firewall to a next-generation firewall (NGFW), but I'm concerned about the overlap when both will be in use. Are there any inherent dangers involved with running them side-by-side during the transition? Or could there even be advantages depending on how we write our firewall policies?

Inside United Airlines' nerve center (IT World) From a desk in downtown Chicago, United dispatchers can talk to pilots anywhere in the world

The State of Cryptography in 2014, Part 2: Hardware, Black Swans, and What To Do Now (TrendLabs Security Intelligence Blog) Is hardware security any better? We closed the first post by asking: is hardware any more trustworthy? One would think that it is… but it's not. Recently, chip vendors have been incorporating cryptography into their CPUs or chipsets. Usually, this is an implementation of a "standard" cipher (like AES) or a pseudorandom number generator (PRNG)

Design and Innovation

2014 NBIA Incubation Award Finalists (NBIA) …Cyber Incubator at bwtech@UMBC, Baltimore, Md., Alexandra Gold, incubator manager…Achievements: bwtech's Cyber Incubator has been financially stable due to diligent oversight by its staff and Board of Directors, by its ability to negotiate a below market rent for the incubator with the building owner and due to support from the State of Maryland for leasehold improvements, says Alexandra Gold, incubator manager

Research and Development

World's First Covert Communications System with Camouflage Guaranteed (MIT Technology Review) Sometimes encrypting messages isn't enough, and the very act of sending them must be hidden as well. Now physicists have discovered how to camouflage messages and guarantee that they remain hidden

No God In The Machine (InformationWeek) Artificial intelligence cannot replicate human consciousness, say Irish researchers in new study

Scientific computing's future: Can any coding language top a 1950s behemoth? (Ars Technica) Cutting-edge research still universally involves Fortran; a trio of challengers wants in

RAND: Navy should adopt a cloud-based system to help it better collect, analyze and distribute sensor data (FierceGovernmentIT) The Navy should adopt a cloud-based system to keep pace with the growing demand for intelligence, surveillance and reconnaissance data that are needed for situational awareness and other mission-critical tasks, said researchers in a new RAND report

Legislation, Policy, and Regulation

MPs call for spy agency oversight reforms (ComputerWeekly) Parliament's cross-party home affairs select committee is calling for wide and radical reforms of intelligence agency oversight mechanisms to improve accountability

The life of National Councillor Balthasar Glättli under surveillance (Digitale Gesellschaft) Interactive visualisation of data retention in Switzerland

Turkey has censored more than 100 tweets in the past week (The Verge) More than a month after Turkey lifted its Twitter block, the country's government is still keeping a close eye on any potentially embarrassing tweets. This week alone, Turkish courts have filed five separate takedown motions to Twitter HQ, requesting the removal of over a hundred tweets

ADF to embrace cyber warfare in future military operations (Sydney Morning Herald) The Australian Defence Force has embraced cyber warfare, deception and disinformation through the internet as key elements of future military operations. However, newly declassified ADF papers provide no guidance on how efforts to influence and deceive adversaries will not also mislead the Australian public and media

Google, Amazon and other online giants warn FCC on net neutrality (IT World) Weaker net neutrality rules will pose a 'grave threat' to the Internet, they say

Regulating User-Generated Health Information, Privacy an Uphill Battle (Threatpost) The proliferation of wearable devices coupled with smartphone apps that monitor heart rates and other health metrics raises an important question: How exactly should the information generated by these devices be regulated? If there's a fist fight in a bar can a person's Fitbit accelerator be subpoenaed? How much user-manufactured data can companies share or integrate into advertising?

State CIOs call for federal collaboration on cyber security (Business Insurance) Members of the National Association of State Chief Information Officers urged more federal collaboration on cyber security issues during the Kentucky-based organization's midyear conference

NASA Reports Most Cyber Incidents But Gets an 'A' for Compliance (Wall Street Journal) The National Aeronautics Space Administration reported the highest number of cybersecurity incidents in 2013. Paradoxically, it also has one of the best track records among federal agencies of complying with security regulations, according to a May 1 report to Congress by the Office of Management and Budget. Analysts say NASA's cybersecurity situation is a sign the government is measuring the wrong things

Litigation, Investigation, and Law Enforcement

US Navy sysadmin charged with 'Team Digi7al' hacktivist attacks on military (CSO) A sysadmin who worked in the nuclear reactor department of a US warship used his privileged access to hack Navy databases before boasting of the exploits on Twitter, US Government prosecutors have alleged

U.K. Intelligence Watchdog Says Snowden Leak Was Attack on U.S. (Bloomberg BusinessWeek) Malcolm Rifkind, the lawmaker running the parliamentary committee that oversees British spies, said Edward Snowden's leaks about the extent of surveillance by British and American agencies was an "attack on the U.S."

FTC Must Disclose Consumer Data Security Standards (InformationWeek) A company accused by the FTC of failing to provide adequate data security has the right to know the required security standards, administrative judge rules

Apple will notify customers when the law demands their personal data (Naked Security) Earlier this month, Apple joined other, growingly defiant tech companies with the decision to stop quietly going along with investigators' demands for its users' email and other electronic data

Legal Guidelines Say Apple Can Extract Data From Locked iOS Devices (Threatpost) If law enforcement gets hold of your locked iPhone and has some interest in its contents, Apple can pull all kinds of content from the device, including texts, contacts, photos and videos, call history and audio recordings

A county's only unsolved murder has a victim without a digital footprint (Ars Technica) It's now notable when a case has no digital evidence to speak of

Senator: S.C. hacker received $25,000 ransom (The State) A state senator said Thursday that he believes federal authorities paid a $25,000 ransom to the computer hacker who stole the personal data of 6.4 million residents from the South Carolina Department of Revenue

Server mishap results in largest HIPAA fine to date (FierceHealthIT) A breach of electronic protected health information impacting 6,800 individuals at two New York-area hospitals discovered in the summer of 2010 has resulted in the largest HIPAA settlement to date—$3.3 million

Snapchat agrees to settlement with FTC over privacy complaints (Naked Security) Snapchat and the US Federal Trade Commission (FTC) agreed to terms in a settlement over privacy complaints, including that the fast-growing mobile messaging service had "deceived users"

Saudi blogger sentenced to ten years in jail, $266K fine and 1,000 lashes for insulting Islam (HackRead) Raif Badawi, a Saudi blogger has been sentenced to prison for ten years plus 1,000 lashes as a punishment for allegedly insulting the religion of Islam on an online liberal forum he created. The criminal court in Jeddah also ordered Badawi to pay one million Saudi riyals (about $266,000) as a fine. Badawi's liberal forum was closed after his arrest in 2012

Swiss Bank Hacker Arrested in Thailand (eSecurity Planet) Mohamed Yassine Gharib is accused of involvement in the theft of more than $18 million from Swiss banks

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

How the SBIR/STTR Program Can Help Grow Your Business (Halethorp, Maryland, USA, May 27, 2014) The SBIR/STTR programs promote small business innovation and profitability while simultaneously meeting the government's research and development needs. Every year, small businesses receive millions of...

SANS Security West (, January 1, 1970) SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information...

Eurocrypt 2014 (, January 1, 1970) Eurocrypt 2014 is the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. It is devoted to all aspects of cryptology.

ISPEC 2014 (Fujian, China, May 12 - 14, 2014) The ISPEC conference series is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and...

GovSec 2014 (Washington, DC, USA, May 13 - 14, 2014) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of...

Cyber Security for National Defense Symposium (, January 1, 1970) DSI's Cyber Security for National Defense Symposium is designed as an educational and training "Town Hall" forum, where thought leaders and key policy-makers across military and civilian organizations...

CyberWest (Phoenix, Arizona, USA, May 13 - 14, 2014) Cyber threats affect all industry sectors and impact individuals, businesses and governments. From hacktivists to advanced persistent threats, conducting business on-line exposes individuals, corporations...

Fraud Summit (Chicago, Illinois, USA, May 14, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...

INFILTRATE (, January 1, 1970) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot...

Security BSides Denver 2014 (Denver, Colorado, USA, May 16, 2014) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...

Security Start-up Speed Lunch NYC (New York, New York, USA, May 19, 2014) Our goal for this inaugural event is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare,...

CEIC 2014 (Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions...

The Device Developers' Conference: Bristol (Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

Mobile Network Security in Europe (London, England, UK, May 21, 2014) Following on from two successful events in the United States, this first Light Reading conference on Mobile Network Security in Europe will again focus on the key role of the network in safeguarding the...

Positive Hack Days (, January 1, 1970) Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright...

Georgetown Law: Cybersecurity Law Institute (, January 1, 1970) A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels...

NSA Mobile Technology Forum (MTF) 2014 (, January 1, 1970) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia,...

CyberMontgomery Forum: Center of Gravity (Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

The Device Developers' Conference: Cambridge (Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

Fort Meade Technology Expo (, January 1, 1970) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...

3 Day Startup (San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed...

CANSEC (, January 1, 1970) CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display.

Hack in The Box Security Conference (HITBSecConf) Amsterdam (, January 1, 1970) HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.