skip navigation

More signal. Less noise.

Daily briefing.

The Belgian Foreign Ministry works to recover from the latest cyber attacks it's sustained. (The Ministry is more attack route than primary target: the attackers are interested in third parties.)

Symantec has a good brief account of the Elderwood platform's resurgence in recent zero-day campaigns. Organized criminals behind Elderwood (and their customers) would do well to take note of two bits of law enforcement news. In some demand-side policing, an international manhunt (European and Australian) is kicking in the doors of Blackshades malware buyers. And in the United States the mob-busting RICO battle-axe has been used to send a low-grade cyber crook away for twenty years.

The zero-day Microsoft closed in its recent out-of-band patch continues to be actively exploited, with Australian enterprises reporting attacks using exploits designed to evade defenses.

Banking Trojan Zeus Gameover is also evolving, and now hits victims in new countries (South Africa, Nigeria, India, Singapore, Turkey, UAE, Saudi Arabia, Australia, Croatia, and Greece among them).

Did you know Kaspersky sold a "Kaspersky Mobile" security app in the Windows Phone store? Neither did Kaspersky—there's no such product—and Kaspersky Labs alertly exposed the fraud. A similarly bogus "VirusShield" was discovered in the Android store last month. Caveat emptor, but more scrutiny of products by the stores themselves would be welcome.

In the US, the Retail Industry Leaders Association and the National Retail Federation organize separate cyber threat information-sharing efforts. Observers hope the two associations will succeed in developing actionable intelligence through the glare of alerts.

Notes.

Today's issue includes events affecting Australia, Belgium, China, Croatia, Denmark, European Union, Finland, Germany, Greece, India, Italy, Netherlands, New Zealand, Nigeria, Russia, Saudi Arabia, Singapore, South Africa, Sweden, Turkey, United Arab Emirates, United Kingdom, United States..

Cyber Attacks, Threats, and Vulnerabilities

Belgium Gets Hacked…Again (Wall Street Journal) Belgium's foreign ministry has no access to emails or the World Wide Web after it was hacked recently, although systems to handle passports and visas are up and running again. The ministry cannot tell, because it doesn't yet know, just when the attack started and how long it has been underway

Five-year-old Elderwood zero-day gang rides again (SC Magazine) More intelligence sharing is needed to tackle this type of zero-day threat, says Tom Cross, Lancope director of security research

How the Elderwood Platform is Fueling 2014's Zero-Day Attacks (Symantec) Back in 2012, Symantec researched the Elderwood platform, which was used in spear-phishing and watering-hole attacks against a wide variety of industries. The Elderwood platform essentially consists of a set of exploits that have been engineered and packaged in a "consumer-friendly" way. This allows non-technical attackers to easily use zero-day exploits against their targets

Recently patched IE 0-day abused in APT attacks (Help Net Security) When Microsoft issued an out-of-band security update to patch the zero day Internet Explorer vulnerability on May 1, it was revealed by researchers from security company FireEye that the bug was being actively exploited by attackers targeting US-based defense and financial firms

Hackers using IE exploit against Australian businesses (ZDNet) Australian businesses in the resource and mining, financial services, and telecommunications sector are the latest targets of hackers exploiting Internet Explorer zero day

Zeus 'Gameover' Trojan Expands Global Reach (Dark Reading) Cybercrime clients configure juggernaut Gameover variant of banking Trojan to reach bank customers in new countries

SNMP could be the future for DDoS attacks (SC Magazine) After DNS and NTP vectors are cut off, SNMP may be used to carry out DDoS attacks. DNS amplification and NTP reflection are two big buzz-terms in the modern world of distributed denial-of-service (DDoS) attacks, but when successful defensive measures force those wells to run dry, a lesser-used reflection attack vector, known as Simple Network Management Protocol (SNMP), could take the forefront

Bogus anti-virus apps in the official Windows Phone and Android app stores (Graham Cluley) Security researchers at Kaspersky Lab have raised a querulous eyebrow after discovering a Kaspersky Mobile in the Windows Phone store

DogeVault says attackers gained access to virtual machines (CSO) The service lost 280 million dogecoins and has recovered 120 million

Breaches and Attacks that are "Not in Scope" (Internet Storm Center) Last week, we saw Orange (a Telecom company based in France) compromised, with the info for 1.3 million clients breach. At this time, it does not appear that any credit card numbers or credentials were exposed in that event. The interesting thing about this data breach was that it involved systems that would not be considered "primary" — the site compromised housed contact information for customers who had "opted in" to receive sales and marketing information

Why do people hack Social Media accounts? (Panda Security News) 'Why would a hacker want to break into my Facebook account when there is nothing of any real value there?' you may think. Think again. Your seemingly harmless information such as holiday photos, latest purchases and restaurant reviews can be a goldmine when they end up in the wrong hands

Dairy Queen catches flack over data privacy fail, says let them eat cake (FierceBigData) Ok, that's not exactly how it went down but the gist is still true. In honor of Mother's Day, Dairy Queen offered a brain-freeze deal--not from its free offer of an ice cream cake but from the strings attached to it

Data Breach Exposes 3,500 New Zealand Dentists' Personal Information (eSecurity Planet) Names, titles, home addresses, phone numbers, email addresses, user names and passwords were exposed

5 EYEWITNESS NEWS Investigates Flaw in Security of Popular Websites (5 Eyewitness News) Your bank, your email, and your favorite retailer — your online accounts with all three — could be vulnerable to an attack almost any hacker could pull off

Security Patches, Mitigations, and Software Updates

Bitly Installs Two-Factor Security After Insider Account Compromise (eWeek) Back on May 8, popular URL-shortening service Bitly admitted that its systems were compromised. As it turns out, Bitly has now disclosed that the problem is just the latest example of an insider compromise

Apple releases OS X Mavericks 10.9.3, repeats last month's security updates (Naked Security) In the very latest Chet Chat podcast, we wondered aloud if Apple was heading into what you might call the "patching mainstream"

Apple releases Mac OS X 10.9.3, but offers scant information on improvements (Intego) Today Apple has released a new version of its desktop operating system, OS X 10.9.3, but offered the barest of details regarding what the minor update actually fixed

Adobe's Last XP-ready Patches Cover Critical Updates for Flash, Acrobat and Reader (Infosecurity Magazine) The software maker announces fixes for several remote code execution vulnerabilities

Microsoft's .NET Framework security updates further effort to phase out RC4 encryption (PC World) Microsoft released optional security updates Tuesday for various versions of the .NET Framework that prevent the RC4 encryption algorithm from being used in TLS (Transport Layer Security) connections

Microsoft bug hunters kicked 0day own goal (The Register) Redmond no longer tells world about bugs until it checks own exposure

Google Apps users getting encrypted messaging that goes beyond Gmail (CSO) Google is making available a service to allow its enterprise customers to send and receive encrypted e-mail to users of non-Google mail systems, including Yahoo and Microsoft Exchange

Cyber Trends

Cybercriminals targeting unlikely sources to carry out high-profile exploits (Help Net Security) Cybercriminals continuously discover more ways to successfully target new outlets for financial theft, according to Trend Micro. Greed is motivating cybercriminals to take a non-traditional approach in the selection of unlikely targets, such as advanced threats to Point-of-Sale (PoS) terminals and the exploitation of disasters

Symantec: New era of 'Mega Breaches' signals bigger payouts for cyber criminals (Techday) After lurking in the shadows for the first ten months of 2013, cyber criminals unleashed the most damaging series of cyber attacks in history

Consumers have little security concern with BYOD (Help Net Security) Despite the rise in the use of personal devices for business use, U.S. consumers are showing scant concern for security when it comes to BYOD

Workers download malware in SA companies (News 24) Malware designed to steal sensitive data is on the increase and employees in 84% of South African companies download the software once every 10 minutes

Over Half of US Firms Have No Formal BYOD Agreements with Staff (Infosecurity Magazine) Gartner research highlights huge security blindspot for organizations which allow use of personal devices for work

Cyber experts tread carefully around the Internet (Reuters) They know the risks of the Internet better than anyone, but most cyber experts still shop and bank online — with care

How to Ensure Your Social Media Privacy (CIO) Living a genuinely private life in today's increasingly social and interconnected world requires an equal measure of patience, research and ingenuity. Of course, digital marketers say you worry too much

Marketplace

Dual Retail Cyberthreat Intelligence-Sharing Efforts Emerge (Dark Reading) The Retail Industry Leaders Association (RILA) rolls out a retail ISAC following the National Retail Federation's (NRF) announcement last month of an intel-sharing platform planned for June

Retail stores commit to cyber info sharing (The Hill) More than 50 major retailers like the Gap, Safeway, Target and J.C. Penny are getting together for a new push to fight hackers

Target, JC Penney among new ragtag retail cybersecurity team (ZDNet) They join the likes of Safeway and Lowe's in the Retail Industry Leaders Association, a collaborative organization aimed at helping retailers share threat data

How retailers can boost security through information sharing (CSO) Retailers have formed a group for sharing threat intel, but experts say success depends on trust and technology

A State of Security Event Overload (Dark Reading) As many as 150,000 security events are logged each day in some enterprises, new data shows

Business needs to shift budget to relevant security, says Verizon (ComputerWeekly) Many businesses are failing to invest in blocking the threats that are actually hitting them, says Eddie Schwartz, vice-president of global security solutions, Verizon. "This is because most of their budget is still being spent on traditional perimeter defences, which means there is little left over for anything else," he told Computer Weekly

Report Shows Global Market Jittery on Cloud, Due to NSA (MSP News) Edward Snowden's revelations about the widespread snooping activities of the US National Security Agency have made businesses much more circumspect in their choice of cloud services providers, especially those that host data in the USA

Electronic Frontier Foundation praises tech firms for post-PRISM privacy moves (V3) Internet and technology rights group the Electronic Frontier Foundation (EFF) has praised the improved transparency of Google, Microsoft, LinkedIn, Twitter and Facebook, among others, which it says have upped their game in response to the public reaction to Edward Snowden's NSA-related whistleblowing

Why the FBI Wants to Procure Malware (Nextgov) The FBI seeks a commercial supplier of malicious software to supply the intelligence agency with a steady stream of 30 to 40 gigabytes per day of old variants and new, unique malware for research purposes

Agencies near cyber-workforce deadline (FierceGovernmentIT ) By the end of the fiscal year, agencies must update and re-define current and future cybersecurity positions by applying the National Cybersecurity Workforce Framework taxonomy to all positions in the Information Technology Management 2210 and 443 Occupation Series

Rackspace Hires Morgan Stanley To Explore Its Options (CRN) Data hosting and cloud giant Rackspace Hosting said Thursday that it has hired Morgan Stanley to explore the possibility of partnering with another technology firm or being acquired

Tenable Network Security is Selected as a Finalist for the 2014 Red Herring Top 100 North America Award (MarketWatch) Tenable Network Security®, Inc. the leader in real-time vulnerability, threat and compliance management, announced today it has been selected as a finalist for Red Herring's Top 100 North America award, a prestigious list honoring the year's most promising private technology ventures from the North American business region

Products, Services, and Solutions

High-Tech Bridge launches online on-demand web penetration testing service ImmuniWeb (Dark Reading) On-demand ethical hacking service delivers new approach to website security assessment, manually-written report guarantees zero false-positives

Eset launches upgraded mobile security system (Telecompaper) Global ICT security specialist Eset has released the latest version of Eset Mobile Security, which arms Android users with proactive anti-theft features to track lost or stolen mobile devices

Bitdefender Launches Removal Tool for Stubborn Mac Adware (Broadway World) Bitdefender, the innovative antivirus software provider, has released the Bitdefender Adware Removal Tool to remove aggressive adware such as Genieo that can alter users' search results, inject ads and monitor web sites visited

Cimcor & SWC Technology Partners Form Partnership (IT Business Net) Cimcor is pleased to announce a partnership with SWC Technology Partners. This is Cimcors newest U.S. partner that will offer CimTrak, the innovative IT security, integrity and compliance technology developed by Cimcor. Built around leading-edge file integrity monitoring (FIM) technology, CimTrak provides deep situational awareness into changes occurring in an organizations IT infrastructure and is deployed heavily to meet payment card industry digital security standards

Proofpoint Targeted Attack Protection Featuring Predictive Defense Named Winner for Microsoft Best of TechEd Awards (MarketWatch) Proofpoint builds momentum in storied Microsoft partnership with next-generation email security solutions

Mac adware removal tool (Help Net Security) Bitdefender has released the Bitdefender Adware Removal Tool to remove adware such as Genieo that can alter users' search results, inject ads and monitor visited web sites

CIS Configuration Assessment Tool 3.0 released (Help Net Security) The Center for Internet Security (CIS) announced the release of an enhanced version of its CIS Configuration Assessment Tool, known as CIS-CAT

Technologies, Techniques, and Standards

Retail Breaches Bolster Interest In NIST Cyber Security Advice (InformationWeek) Target data breach highlighted risks in corporate supply chains, and companies are looking to government guidelines for ways to shore up cyber defense, says White House

Brown HIV researchers make Dropbox secure with nCrypted Cloud (CSO) Consumer tech acceptable for sensitive data with a little help from encryption

Beware Cognitive Bias (Dark Reading) Cognitive bias can compromise any profession. But when cognitive bias goes unrecognized in cyber security, far-reaching and serious consequences follow

TechEd: Microsoft says Tor cannot stop PRISM snoops and cyber crooks (V3) The Tor network cannot protect web users from cyber criminals and state hackers, according to a top Microsoft security expert

Collecting Workstation / Software Inventory Several Ways (Internet Storm Center) One of the "prepare for a zero day" steps that I highlighted in my story last week was to inventory your network stations, and know what's running on them. In short, the first 2 points in the SANS 20 Critical Security Controls. This can mean lots of things depending on your point of view

How to Protect PII (eSecurity Planet) Personally identifiable information, or PII, is especially valuable to hackers. Here's how to make sure they don't get their hands on it

Academia

QinetiQ hosts MP visit (Worcester News) Sir Peter Luff MP meets QinetiQ graduates and students from The Chase School currently on placement with QinetiQ. Graduates at defence technology company QinetiQ shared their experiences and aspirations as part of a national campaign

Legislation, Policy, and Regulation

Saudi King Reshuffles Defense Posts (Defense News) Saudi Arabia's King Abdullah on Wednesday reshuffled top defense posts, removing the deputy minister and the chief of staff, state news agency SPA reported

Saudi Government Seeks Hackers (eSecurity Planet) The hackers will be employed by the country's National Information Center to find vulnerabilities in Saudi Arabia's networks

New Zealand Spy Agency Trained by NSA in Mass Surveillance; PM John Key Refuses to Comment (International Business Times) New Zealand Labour has asked Prime Minister John Key to admit that the country's spy agency has been trained by the U.S. National Security Agency to do mass surveillance. Documents published in a new book revealed that all agencies involved in the Five Eyes Network were trained to operate a sophisticated system that can sift through phone numbers, email addresses and online chat messages

Haglund defends NSA co-operation (Helsinki Times) Military intelligence co-operation is a prerequisite for Finland's participation in international crisis management operations, the Minister of Defence has suggested. Carl Haglund (SFP), the Minister of Defence, has spoken up for the co-operation between the Finnish military intelligence service and the US National Security Agency (NSA), emphasising that Finnish intelligence operations concentrate solely on military targets

The Intelligence Legitimacy Paradox (Lawfare) I have spent the day, which is not over yet in Palo Alto, at a conference at the Hoover Institution on "Intelligence Challenges"…And from the beginning of the day, one theme has arisen repeatedly: call it the "intelligence legitimacy paradox." The paradox, about which more than one speakers has wrung his or her hands, is that the threat environment America faces is growing ever more complicated and multifaceted, and the ability to meet it is growing ever-more-deeply dependent on first-rate intelligence. Yet at precisely the same time, the public has grown deeply anxious about our intelligence authorities and our intelligence community is facing a profound crisis of legitimacy over its basic authorities to collect. The explanation for the paradox, I think, is simple: technology

Cisco CEO: U.S. Should Reform Surveillance Rules (InformationWeek) Cisco CEO John Chambers says his company does not enable NSA spying, and that the U.S. government must establish proper policies

McCain Attacks Google and Yahoo in Hearing on Malicious Online Ads (Advertising Age) Sen. John McCain took aim at Google and Yahoo this morning during a Senate hearing on malicious online advertising, stating the companies "have a responsibility to help protect consumers from the potential harmful effects of the advertisements they deliver." The Arizona Republican also indicated the responses of the online ad giants during the hearing will compel him to push harder for legislation protecting consumers against malicious ads

Cyber pros, single security architecture among JIE-related priorities (C4ISRNet) As the Defense Department enters into an era of shared services and joint programs — many of which center on the Joint Information Environment — a new generation of priorities are emerging, according to one top DoD official

FCC 'Open' Internet May Mean 'Paid' (Dark Reading) Federal Communications Commission votes to consider broadband rules that could allow data fast lanes. Public invited to comment

The FCC doesn't have to authorize Internet fast lanes—they're already legal (Ars Technica) What the FCC chair really means when he says he isn't legalizing paid fast lanes

FCC Proves Yet Again That It's Out to Kill Net Neutrality (Wired) Well, that meeting of the Federal Communications Commission earlier today was certainly a lot of sound and fury signifying next to nothing

Litigation, Investigation, and Law Enforcement

BREAKING: International police hunt on Blackshades malware buyers (Cyberwarzone) The countries Germany, Australia, Denmark, Sweden, Italy and The Netherlands are operating together in a major police operation which is after people that have bought the 'Blackshades malware' from the darknet and supplyers. The Blackshades malware can be bought for 40 to 100 dollars on the darknet

22-year-old "organized crime" cybercrook convicted under racketeering law gets TWENTY years (Naked Security) Late in 2013, we wrote about what turned out to be something of a landmark criminal case in the USA. Cybercriminal David Ray Camez, 22, from Arizona, USA, was already serving a seven-stretch for cyberfraud when he was brought to trial in 2013, this time under RICO, the Racketeering Influenced Corrupt Organizations Act

Anti-gangster law invoked to score stiff sentence against two-bit cyberthief (Ars Technica) RICO helped take down the Gambino crime family. Now, it's being used online

Edward Snowden: Whistleblower or Foreign Intelligence Agent? (Communities Digital News) Edward Snowden, the National Security Agency contractor behind the massive leak of classified U.S. intelligence documents, continues to dominate headlines for his notorious exposé of the NSA's domestic surveillance program

Politician, paedophile and GP claim 'right to be forgotten' (Telegraph) Google has already received several requests to remove links from its search results

If Google is forced to forget, the internet will remember (The National) The American constitution refers to three fundamental rights — to life, liberty and the pursuit of happiness. Europe has just added a new right for the digital age, the "right to be forgotten". This is at the basis of an explosive ruling by the European Court of Justice that allows people to delete information they do not like from the results of Google searches

Most plaintiffs dismissed in SAIC's case of the unencrypted backup tapes (FierceITSecurity) It's hard to keep data breaches straight any more, but maybe you'll remember this one: In 2011 an SAIC employee was driving unencrypted backup tapes from one facility to another for Tricare, a military health program provider

Convicted Facebook paedophile walks free (Naked Security) Timothy StoreyOn Facebook, he was a wealthy 18-year-old prep school leaver called Tim Stone who listed "exercise, girls and naughtiness" as interests and who had almost 800 Facebook friends — all of them girls under 18

For the Delicious Irony Files (Lawfare) A report from the cyber underground where most of my Lawfare colleagues don't normally follow: File this one as a delicious irony (or, if you prefer, a delightful irrationality). Many will recall that back in 2010 when WikiLeaks first started releasing classified materials many of the financial intermediaries (Visa, Mastercard, Western Union and PayPal) started blocking donations to WikiLeaks. In retaliation, hackers affiliated with Anonymous initiated DDoS attacks on those web sites

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SANS Security West (, January 1, 1970) SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information...

INFILTRATE (, January 1, 1970) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot...

Security BSides Denver 2014 (Denver, Colorado, USA, May 16, 2014) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...

Security Start-up Speed Lunch NYC (New York, New York, USA, May 19, 2014) Our goal for this inaugural event is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare,...

CEIC 2014 (Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions...

The Device Developers' Conference: Bristol (Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

Mobile Network Security in Europe (London, England, UK, May 21, 2014) Following on from two successful events in the United States, this first Light Reading conference on Mobile Network Security in Europe will again focus on the key role of the network in safeguarding the...

Positive Hack Days (, January 1, 1970) Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright...

Georgetown Law: Cybersecurity Law Institute (, January 1, 1970) A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels...

NSA Mobile Technology Forum (MTF) 2014 (, January 1, 1970) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia,...

CyberMontgomery Forum: Center of Gravity (Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

The Device Developers' Conference: Cambridge (Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

Fort Meade Technology Expo (, January 1, 1970) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...

3 Day Startup (San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed...

CANSEC (, January 1, 1970) CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display.

Hack in The Box Security Conference (HITBSecConf) Amsterdam (, January 1, 1970) HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not...

Area41 (, January 1, 1970) Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks.

The Device Developers' Conference: Manchester (Manchester, England, UK, June 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

NSA SIGINT Development Conference 2014 (, January 1, 1970) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and...

The Device Developers' Conference: Scotland (Uphall, Scotland, UK, June 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

The 2014 Cyber Security Summit (DC Metro) (Tysons Corner, Virginia, USA, June 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible...

MIT Technology Review Digital Summit (, January 1, 1970) The MIT Technology Review Digital Summit examines tomorrow's digital technologies and explains their global impact on both business and society. You'll get insider access to the innovative people and companies...

Cyber 5.0 Conference (Laurel, Maryland, USA, June 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...

Global Summit on Computer and Information Technology (, January 1, 1970) The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer...

NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, June 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates.

2014 Spring National SBIR Conference (Washington, DC, USA, June 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs...

18th Annual Colloquium for Information Systems Security Education (, January 1, 1970) The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's...

MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, June 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on...

Suits and Spooks New York (, January 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...

SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.

26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...

Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...

United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, June 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.