More signal. Less noise.

Daily briefing.

CSO advises companies to raise their vigilance against malware during periods of political crisis. Four crises at least currently warrant such increased vigilance: Russian appetite for Ukraine and Georgia (with Donets and Abkhazia on the menu, and a Russian-led trade union in the near abroad as dessert), Chinese assertion of territorial rights in the South China Sea (Vietnam is in the cyber crosshairs, the Philippines next), and Thailand's recent coup d'état (accompanied by ongoing information operations).

iSight reports on Iranian intelligence operations against the US. They involve traditional espionage tradecraft adapted to cyberspace.

The ransomware campaign exploiting the iLock feature on Apple devices (possibly enabled by compromised iCloud credentials) has spread from Australia and New Zealand to California.

Another new ransomware effort (and CryptoLocker competitor) CryptoDefense, recently investigated by Bromium, is causing concern, but there may be good news: flawed implementation of the malware has enabled some victims to recover their files.

Encryption darling TrueCrypt has apparently taken itself down. A warning against using it appeared on the TrueCrypt site yesterday along with a recommendation to switch to BitLocker. Some observers think this may be a hack—the text on the relevant page had the short look of defacement—but the emerging consensus holds that TrueCrypt is indeed gone.

Researchers find vulnerabilities in NICE Systems' lawful intercept products.

Siemens patches Rugged OS.

Neither China nor the US is backing down from their mutual cyber recriminations. One consequence appears to be a pop in Chinese tech stocks.

Edward Snowden wants to come home.

Notes.

Today's issue includes events affecting Australia, Belgium, Canada, China, Denmark, Finland, Georgia, Indonesia, Iran, Israel, Japan, New Zealand, Norway, Pakistan, Philippines, Romania, Russia, Slovenia, South Africa, Thailand, Ukraine, United Kingdom, United States, and Vietnam.

Cyber Attacks, Threats, and Vulnerabilities

Increase your malware vigilance during geopolitical conflicts (CSO) Research shows that malware activity is likely to increase dramatically during geopolitical tension, and companies are the targets

Beijing may call Hanoi's bluff and start war: Duowei (Want China Times) Vietnam is taking a big gamble by inflaming its territorial dispute with China as Beijing could very well consider starting a war, reports Duowei News, an outlet run by overseas Chinese

Russia Urges Emergency Steps on Ukraine Amid Rebel Losses (Bloomberg) Russia called for unspecified "emergency" measures to halt the violence in eastern Ukraine after separatist militias suffered the heaviest casualties of their insurgency

Presidential Building Is Stormed in Restless Georgian Region (New York Times) Hundreds of demonstrators occupied the presidential headquarters of Abkhazia, a breakaway enclave of Georgia, on Wednesday, demanding the resignation of the region's leader and the dismissal of the government in the latest tumult to grip a separatist area supported by Russia

Thailand's military is cracking down on social media, street protests, and illicit hardwood (Quartz) This isn't the Thai military's first coup d'état, but it is introducing some new wrinkles this time around, including restrictions on public dissent, a dry run blockade of Facebook, and some high-profile investigations of people associated with the ousted Pheu Thai party–not for opposing the coup, but for illegal possession of teak wood

Iranian group created fake news organization to hack U.S. military (ComputerWorld) Active since 2011, the group targeted more than 2,000 U.S. military members, defense contractors and lobbyists, iSight Partners said

Mass Cyber Attack Locking, Holding Apple Devices Ransom Reaches Southern California (CBS Los Angeles) A global cyber attack, in which a hacker is targeting and locking iPad, iPhone and other Mac devices, and sending out a ransom message to the afflicted, has reportedly reached the Southland

Apple Ransomware Targeting iCloud Users Hits Australia (Threatpost) A handful of iPhone, iPad and Mac users, largely confined to Australia, awoke Tuesday to discover their devices had been taken hostage by ransomware

CryptoDefense ransomware infects via Java drive-by exploit (Graham Cluley) Boffins at security firm Bromium have discovered that the CryptoDefense malware has been spread via boobytrapped webpages, in an attempt to make more money for its creators

CryptoLocker Ransomware Competitor May Have Fatal Flaw (Threatpost) CryptoLocker certainly changed the ransomware game last year when it threatened its victims with the loss of important files if a timely ransom payment was not made. Reportedly, criminal gangs utilizing this dangerous type of ransomware were earning hundreds of thousands of dollars per month

True Goodbye: 'Using TrueCrypt Is Not Secure' (Krebs on Security) The anonymous developers responsible for building and maintaining the free whole-disk encryption suite TrueCrypt apparently threw in the towel this week, shuttering the TrueCrypt site and warning users that the product is no longer secure now that Microsoft has ended support for Windows XP

Ominous Warning or Hoax? TrueCrypt Warns Software 'Not Secure,' Development Shut Down (Threatpost) Is it a hoax, or the end of the line for TrueCrypt?

True Crypt Compromised / Removed? (Internet Storm Center) Earlier today, the popular disk encryption tool Truecrypt was essentially removed from Sourceforge, and replaced with a warning that Truecrypt is no longer secure and people should switch to Bitlocker (with instructions as to how to do this). The source code was updated and essentially all functionality was removed but the installer will now just show a message similar to the one displayed on the homepage

Open Source Crypto TrueCrypt Disappears With Suspicious Cloud Of Mystery (Forbes) Encryption is a silent, unsung hero of our modern connected society. From protecting your sensitive details when you log on to Internet banking to protecting data on your laptop or mobile phone if it is lost or stolen, 'crypto' (the oft used shortened version of encryption) is a supporting pillar of the global economy and most of the digital world we all touch day to day. Establishing trust in crypto (and thus in technology as a whole), now more than ever with the revelations of the past 18 months, is difficult and the following news therefore potentially comes as a significant blow to online privacy and security. Or as some in the industry would put it, or is it?

Here's what you need to know about the sudden and mysterious death of TrueCrypt (Gigaom) It's a mystery that has the information security industry scratching its collective head: why did the anonymous developers of TrueCrypt, a tool recommended by the likes of Edward Snowden, suddenly kill the project and recommend a Microsoft encryption tool instead?

HeartBleed Virus Removal Tool Actually Carries a Trojan (Softpedia) You can't blame anyone for not knowing malware from OpenSSL flaws in the same way you can't accuse Einstein of not figuring it all out before he expired. Case in point, a new spam campaign is trying to dupe Windows users into running a so-called HeartBleed Bug/Virus Removal Tool to clean their computers

Remotely Exploitable Flaws Haunt Lawful Intercept Surveillance Gear (Threatpost) The small, but growing, group of companies that supply so-called lawful intercept gear to intelligence agencies and law enforcement organizations around the world have operated mostly under the radar until very recently. Their products are used to record and scrutinize the communications of suspected criminals and terrorists, but now they're finding that their products are coming under scrutiny by the security research community

Scrape FAST, Find'em Cards EASY! (TrendLabs Security Intelligence Blog) While researching POS RAM scraper malware, I came across an interesting sample: a RAR archive that contained a development version of a POS RAM Scraper malware and a cracked copy of Ground Labs' Card Recon software. Card Recon is a commercial Data Leakage Prevention (DLP) product used by merchants for PCI compliance

New 'Sweetheart' Schemes Exploit Mobile (BankInfoSecurity) Fraudsters abuse RDC services for fraudulent checks

Dissecting Dendroid: An In-Depth Look Inside An Android RAT Kit (Dark Reading) Dendroid is full of surprises to assist it in subverting traditional security tactics through company-issued Android phones or BYOD

eBay subdomains vulnerable to XSS attacks, researchers find (SC Magazine) While eBay responds to a major breach impacting its users, researchers warn that other security concerns should be on the company's list of issues to resolve — namely, cross-site scripting (XSS) flaws impacting its website

New Web Vulnerabilities Expose eBay User Data Again (Infosecurity Magazine) Internet giant eBay is hit with fresh revelations over preventable flaws in its website

Antivirus firm Avast! takes down forums after breach (The Register) You know the drill: change your passwords and prepare for the worst

Data Thieves Not Satisfied With Just Payment Data Anymore (PYMNTS) Payment card data continues to be the prime target for data compromises, but increasingly thieves are starting to go after other types of personal and valuable data to steal, according to a new report from security firm Trustwave

Which of your favourite websites are terrible at passwords? (Naked Security) Match.com, you might be one of the biggest dating sites out there, but you're breaking our hearts

Our online advertising model fails have put us all in danger (Naked Security) We don't like paying for things. No point in handing over hard-earned cash for something when we can get the same thing for free, we think

Stolen Computers Expose 1,213 Elliot Hospital Patients' Data (eSecurity Planet) Names, addresses, phone numbers, birthdates and health information may have been accessed

Security Patches, Mitigations, and Software Updates

Siemens Fixes DOS Flaw in Rugged OS Devices (Threatpost) Siemens has patched a denial-of-service vulnerability that affected many versions of its Rugged Operating System, software that runs on some of the company's RuggedCom switches and serial-to-ethernet devices

Patching the wrong product — a bad thing? (ZDNet) Microsoft warns that using Windows POSReady patches on a regular Windows XP system could cause problems. How seriously should you take this?

Important Notice to Our Users (Spotify) We've become aware of some unauthorized access to our systems and internal company data and we wanted to let you know the steps we're taking in response. As soon as we were aware of this issue we immediately launched an investigation. Information security and data protection are of great importance to us at Spotify and that is why I'm posting today

Cyber Trends

Hackers are winning the cyber crime war, says new study (TechTimes) The cyber war is going well, at least if you are one of the hackers, states a new study published by the California business consulting firm PwC, the United States Secret Service, the CERT Division of Carnegie Mellon University's Software Engineering Institute and CSO security news magazine

The Half-Baked Security Of Our 'Internet of Things' (Forbes) It is a strange series of events that link two Armenian software engineers; a Shenzen, China-based webcam company; two sets of new parents in the U.S.; and an unknown creep who likes to hack baby monitors to yell obscenities at children. "Wake up, you little slut," the hacker screamed at the top of his digital lungs last summer when a two-year-old in Houston wouldn't stir; she happened to be deaf. A year later, a baby monitor hacker struck again yelling obscenities at a 10-month-old in Ohio

2013 Incident Summary (New Zealand National Cyber Security Centre) The incidents summarised in this report reinforce that cyber security is truly a global issue, and New Zealand organisations are just as vulnerable as organisations in any other part of the world

8 key cybersecurity deficiencies and how to combat them (Help Net Security) While the number of cybercrime incidents and the monetary losses associated with them continue to rise, most U.S. organizations' cybersecurity capabilities do not rival the persistence and technological skills of their cyber adversaries

Employee behaviors expose organizations to insider threat (Help Net Security) A third of UK professionals are likely to consider risky behaviors that endanger or undermine data protection

Ineffective password security practices plague organizations (Help Net Security) Just over 13 percent of IT security professionals admit to being able to access previous employers' systems using their old credentials, according to Lieberman Software

Fraud study finds MasterCard holding lowest fraud rate (Help Net Security) 2Checkout released a study of online payments fraud, based on a worldwide sample of approximately one million payment transactions tracked each quarter

Marketplace

China Accuses Cisco Of Working 'Intimately' With U.S. Gov On Cyberspying (CRN) Cisco Systems is denying accusations from a Chinese media outlet claiming the San Jose, Calif.-based networking company is aiding the U.S. government's alleged cyberspying efforts in China

FBI's Wanted List Sends Chinese Tech to First From Worst (Bloomberg) Investors in Chinese technology shares can thank the U.S. Justice Department for turning their unprofitable bets into the stock market's biggest winners

The Most Powerful Security Companies In The World (Silicon India) Oracle: Oracle was previously into software vending until recently it acquired the Sun Microsystems, its main competitor, making it the owner of both hardware and software parts. Sun Microsystems is known for creating Java programming language and Oracle is gaining control over it in order to operate all the patch updates and security advisories on it

Antivirus Software Might Be Dead, But Symantec Certainly Is Not (The Motley Fool) Symantec (NASDAQ: SYMC) is a consumer antivirus software manufacturer that is, perhaps, best known for its flagship Norton Antivirus. Sales of the company's Norton brand have stagnated in the last couple of years, a trend that prompted one of its executives to publicly declare that antivirus software is dead. But, make no mistake, the cyber-security industry is still valued at $70 billion per year

WidePoint — A Prime Acquisition Target Due To Triple; $6.50 Price Target (Seeking Alpha) WidePoint (WYY) has a low market cap of $112 million and recently won three government contracts worth a combined $670 million. Poised to benefit from outstanding growth within the cloud-mobility and security market, WYY is an attractive acquisition target because of its cheap valuation and strong growth outlook

Senate Defense Bill Unearths NSA 'Sharkseer' Program (Nextgov) Highlights from the Senate Armed Services Committee's new defense policy bill show lawmakers would like to drop $30 million on an obscure National Security Agency cybersecurity program called Sharkseer

Procera Networks Receives $3.5 Million in Follow-On Orders From Three Tier 1 Broadband Operators (CEN) Momentum in EMEA, APAC and LATAM continues to grow with investments in customer satisfaction

Target gets serious about its digital transformation (FierceRetailIT) Target (NYSE:TGT) has formed a digital advisory group to assist as it tries to fight back from the very damaging data breach and mismanaged Canadian market entry. The Minneapolis-based retailer has enlisted technology executives from outside the traditional retail space to help chart a path along its digital transformation

Bill Christman: ICF Extends Cyber R&D Support for Army Research Lab (GovConWire) ICF International (NASDAQ: ICFI) has won a three-year, $50 million contract to continue providing support services for a cyber technology research and development program at the Army Research Laboratory

FireHost Names Two New Execs (Texas Tech Pulse) Dallas-based secure cloud hosting provider FireHost reported this morning that it has added two new executives, as part of a leadership expansion. FireHost said it has named Jeff Schilling as Chief Security Officer (CSO) and Jim Hilbert as Senior Vice President of Global Sales

HackerOne Bug Bounty Platform Lands Top Microsoft Security Expert (Threatpost) With bug bounties being all the rage, the platforms that support them are emerging as important pieces of the security research, disclosure and reward ecosystem. One of those platforms, HackerOne, has scored a major coup in hiring Katie Moussouris, the driving force behind Microsoft's bounty program, to oversee its policy and disclosure philosophy and work with customers on the intricacies of vulnerability disclosure

Cyber-security expert Brian E Finch joins Pillsbury as a public practices partner (The Lawyer) Pillsbury has announced the appointment of Brian E Finch, a leading authority in cyber security, as a partner in the public practices section in Washington DC, where he will represent major corporations in their public policy and their global security strategy and compliance needs. Finch joins Pillsbury from Dickstein Shapiro, where he led the global security practice in the firm's government law and strategy group

Products, Services, and Solutions

Some Antivirus Tools Wildly Effective Against Zero-Day Malware (PC Magazine) A Trojan or other malicious program that's been analyzed by antivirus researchers is very easy to detect and block. Antivirus programs handle such threats using a kind of file fingerprint known as a signature. In many cases, a single well-crafted signature can match a whole family of related malware. The real problem involves detecting zero-day threats; malware or malware variants that have never been seen before. In a recent test by AV-Test Institute, several antivirus tools proved wildly effective against zero-day threats, while others failed miserably

New certification seeks to bolster insider threat programs (TechTarget) The CERT Insider Threat Center at the Carnegie Mellon University Software Engineering Institute has announced a new certificate aimed to help information security leaders develop formal insider threat programs

Your own, customised, personal Microsoft security bulletin dashboard (Graham Cluley) When Microsoft publishes a raft of new security updates, the last thing an IT system administrator needs is to get a headache trying to unravel what patches they need for what versions of what software throughout their organisation

SwishData Launches "Hacked: The Series", a Government Cyber Security Campaign (Digital Journal) SwishData, a woman-owned group of leading data performance architects for the federal marketplace, today announced the launch of a new online resource called "Cyber Attack Defenders," which shines a light on the real dangers and realities that federal agencies face when it comes to cyber security

Technologies, Techniques, and Standards

Sinkholes: Legal and Technical Issues in the Fight against Botnets (Infosec Institute) The security community is observing a sensible increase of botnet activities, in particular of cloud-hosted botnets that are mainly based on the Amazon cloud architecture

Is FedRAMP the Final Answer? (FedTech) The cloud security program is a good first start, but adoption must extend beyond the government, experts say

Schwartz: Cybersecurity framework gaining foothold (FierceGovernmentIT) The federal cybersecurity framework released earlier this year is helping critical infrastructure sectors that previously lagged catch up to those with more expertise, said Ari Schwartz, a White House cybersecurity official

Mobile security: Is antimalware protection necessary? (TechTarget) There's been a fair amount of discussion about whether mobile devices need antimalware protection. With my employees using their own devices at work, for work, I want to make sure my company is adequately protected. Is the antimalware investment a necessary one? If not, is there a better product to use?

Stave off infection: Assessing the best antimalware protection (TechTarget) It seems every security vendor claims it has the unique capability to find and stop (or at least minimize the impact of) advanced malware, which can be loosely defined as "anything your existing antimalware product doesn't catch, but probably not including old viruses and worms that we don't really care about"

The benefits of subscription-based penetration testing services (TechTarget) A number of providers now offer subscription-based penetration testing services. How do they compare to traditional pen testing, and how should I determine if this is the right option for my enterprise?

How to use Kismet: A free Wi-Fi network-monitoring tool (TechTarget) IT security professionals often work on large campuses with many networks and endpoints. It's not always easy to keep tabs on every network, especially Wi-Fi networks that can come and go frequently

Next-generation firewall comparisons show no product is perfect (TechTarget) Next-generation firewalls rose to prominence several years ago as vendors promised that they could deliver a variety of security features

Army cyber chief wants more failure (FCW) Lt. Gen. Edward Cardon says a freer attitude toward experimentation would yield better results for Army Cyber Command. It's a common refrain in the development world these days — developers need the freedom and space to fail faster. The agile way of thinking is reaching into the tradition-bound U.S. Army, at least at the level of its top cyber commander, Lt. Gen. Edward Cardon

Risk management issues, challenges and tips (Help Net Security) Gary Alterson, is the Senior Director, Risk and Advisory Services at Neohapsis. In this interview he discusses the most significant issues in risk management today, offers tips on how to develop a risk management plan, and more

Online gaming threats and protection tips (Help Net Security) In this podcast, recorded at Infosecurity Europe 2014, Christopher Boyd, Malware Intelligence Analyst at Malwarebytes, talks about online scams and phishing attacks, specifically those related to protected Steam accounts

Security by Sharing! OWASP Austin: Talk on Crowd-Sourced Threat Intelligence (Alien Vault) Jaime spoke at the Austin OWASP chapter meeting on 5/27. He is a security researcher with broad experience in network security and malware analysis. The last OWASP meeting Jaime presented at was in Barcelona six years ago, when he was doing penetration testing

Principles of compliance in the financial services industry (ComputerWeekly) The financial services sector is subject to multiple and complex legal and regulatory compliance requirements that span international boundaries — all of which have implications for storage, backup and the security and integrity of data

Design and Innovation

Microsoft Ventures partners for cyber-security accelerator, one startup to get $1m investment (The Next Web) Microsoft Ventures, the startup-nurturing and investment-focused side of Microsoft, has announced today that it is launching a cyber-security-focused program at its accelerator in Tel Aviv, Israel, in collaboration with Jerusalem Venture Partners

Research and Development

Cyber Threats: Net Psychology (iHLS) Artificial intelligence researchers are constantly trying to teach machines to think like humans. Despite all their efforts, though, there's a massive gap between human and machine psychology. An Israeli startup recently began using these differences to form a new, refreshing model of information security

Quantum Cryptography with Ordinary Equipment (IEEE Spectrum) Researchers in Japan have come up with a way of doing quantum cryptography that could overcome two of the technology's big problems. The new protocol is designed to work with off-the-shelf equipment and use less bandwidth than existing methods. It's just a mathematical proposal, but it could help make quantum key distribution more commercially viable

'Black Box' Software Could Be the Future of Cryptography (Motherboard) Imagine trying to throw a dart at a bullseye that's 200 feet away with only your bare hands. Now, add a blindfold to the equation. Theoretically, it might be possible. But practically, it's pretty much impossible—about the same odds as trying to break a new form of software protection called indistinguishability obfuscation

Academia

Mikulski seeks $120M to create cyber security center at Naval Academy in Annapolis (Baltimore Business Journal) U.S. Sen. Barbara Mikulski on Thursday introduced a bill that includes $120 million to construct a Center for Cyber Security Studies at the U.S. Naval Academy in Annapolis

Coding exposure: 900 students develop their first programs at App Day (GeekWire) Inside the gymnasium on Friday at Rainier Beach High School was a scene best described as organized chaos

Legislation, Policy, and Regulation

China Threatens Further Action Against U.S. Over Hacking Dispute (Bloomberg) China said it will take further action against the U.S. for prosecuting five of its military officers for alleged hacking, saying it has evidence its companies have also been hacked

China tries to limit damage from cyber spying spat (Fort Mill Times) China tried Wednesday to cool a dispute with Washington over cyber spying, reminding the United States of its need for Chinese help over North Korea and appealing to it not to hurt cooperation in anti-terrorism and other areas

China Says U.S. Also Engages in Hacking (Wall Street Journal) A Chinese government report accused the U.S. of Internet surveillance into the highest levels of its leadership and key national institutions, in the latest response from Beijing to the Obama administration's efforts to punish alleged state-sponsored hacking from China. The report by the China Internet Media Research Center published Monday described China as "a main target" of U.S. secret surveillance and said Washington has eavesdropped on its state leaders, scientific institutes, universities

Senator urges parliamentary oversight of national security services (Ottawa Citizen) In the wake of revelations about the breadth of electronic spying by the U.S. National Security Agency, Sen. Hugh Segal says Canada needs a parliamentary intelligence oversight committee for Canada's security services, such as Communications Security Establishment Canada and the Canadian Security Intelligence Service. He, and others, argued the point at a public meeting of the Senate Liberal caucus Wednesday

Slovenia establishes anti-cyber-attack unit (Xinhua via Global Post) Slovenia's armed forces has established a special unit that will be responsible for the security of cyber system of the nation, Slovenian Press Agency reported on Wednesday

White House staff, Obama's top military adviser disagree on cyber strategy (Inside Cybersecurity) White House officials and President Obama's top military adviser disagree about whether the United States has a coherent national strategy to address cyber threats. The rift surfaced when Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, recently voiced concerns at the Atlantic Council about the nation's lack of preparedness for a cyber attack, cited strategic shortcomings and assigned blame to Congress

House intel chair: Chances bleak for cyber bill after August (Defense News) Congress is unlikely to take up a sweeping cybersecurity bill this year if one is not moving in both chambers by August, says House Intelligence Committee Chairman Rep. Mike Rogers

Data Brokers: A Call for Transparency and Accountability (US Federal Trade Commission) In today's economy, Big Data is big business. Data brokers—companies that collect consumers' personal information and resell or share that information with others—are important participants in this Big Data economy

Discontent in Defense Sector Over Export Controls (National Defense) Aerospace and defense firms have cheered the Obama administration's five-year effort to overhaul the U.S. export licensing system at a time when American manufacturers seek international growth

NSA director forgets name of NSA program, hopes nobody is recording his speech (Washington Post) Answering questions at a cybersecurity symposium Wednesday, U.S. Cyber Command Chief and National Security Agency Director Adm. Michael Rogers tried to explain his job — but while doing so, he forgot the name of an NSA program

Litigation, Investigation, and Law Enforcement

NSA leaker Edward Snowden: I want to come home to U.S. (CBS News) National Security Agency leaker Edward Snowden says he would like to go home

Edward Snowden Says The US Stranded Him In Russia — Here Are 4 Problems With That Claim (Business Insider) Former National Security Agency contractor Edward Snowden told "Nightly News" anchor Brian Williams in Moscow that he "never intended to end up in Russia"

A Year Later, Most Americans Think Snowden Did The Right Thing (Dark Reading) On anniversary of whistleblowing, 55 percent of Americans say Snowden was right to expose NSA's surveillance program; 82 percent believe they are still being watched

Germany drops NSA prosecution due to lack of evidence (PCWorld) Data protection officials are bewildered by the German federal prosecutor's decision not to start a criminal investigation into the alleged mass surveillance of German citizens by the U.S. National Security Agency

UK National Cyber Crime Unit open to business (ComputerWeekly) The UK's National Cyber Crime Unit is open to working with business and other organisations in the private sector, says deputy director Andy Archibald

Jason Jordaan: Corruption fuels SA cyber crime (ITWeb) Rampant corruption in SA is fuelling the problem of cyber crime. So said Jason Jordaan, head of forensic laboratory at the Special Investigating Unit (SIU) in SA, who was delivering a keynote at the ITWeb Security Summit this morning

Watchdog puts UK gov IT on RED alert. Yes, that's a bad thing (Channel Register) The UK government's "G-Cloud" project is one of more than 20 IT-related government-run projects that have been given a "red" or "amber/red" status by the Major Projects Authority (MPA), a watchdog that oversees government projects

62-year-old man arrested over tweeting as 'ghost' of murdered toddler James Bulger (Naked Security) UK police have arrested a 62-year-old man in connection with tweets purportedly coming from the ghost of murdered toddler James Bulger

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

CANSEC: CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display.

Maryland Cybersecurity Roundtable (Hanover, Maryland, USA, May 29, 2014) U.S. Senator Barbara A. Mikulski and Governor Martin O'Malley will launch the Maryland Cybersecurity Roundtable on Thursday, May 29, at 1:30 p.m., at The Hotel at Arundel Preserve, Hanover, Md. They'll...

Hack in The Box Security Conference (HITBSecConf) Amsterdam: HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not...

Area41: Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks.

The Device Developers' Conference: Manchester (Manchester, England, UK, June 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

NSA SIGINT Development Conference 2014: This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and...

Cyber Security Summit (Huntsville, Alabama, USA, June 4 - 5, 2014) The North Alabama Chapter of the Information Systems Security Association and Cyber Huntsville Corporation are hosting the 6th annual Cyber Security Summit June 4-5 in the South Hall of the Von Braun Center.

AFCEA Presents: Insider Threat to Small Business (Fairfax, Virginia, USA, June 5, 2014) One of the biggest myths is that "I'm too small for cyber attackers to care about me." This common misperception leads to tremendous vulnerabilities as companies do not understand implications for their...

The Device Developers' Conference: Scotland (Uphall, Scotland, UK, June 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

The 2014 Cyber Security Summit (DC Metro) (Tysons Corner, Virginia, USA, June 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible...

MIT Technology Review Digital Summit: The MIT Technology Review Digital Summit examines tomorrow's digital technologies and explains their global impact on both business and society. You'll get insider access to the innovative people and companies...

Cyber 5.0 Conference (Laurel, Maryland, USA, June 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...

Global Summit on Computer and Information Technology: The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer...

NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, June 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates.

2014 Spring National SBIR Conference (Washington, DC, USA, June 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs...

18th Annual Colloquium for Information Systems Security Education: The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's...

MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, June 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on...

Suits and Spooks New York: Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...

SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.

26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...

Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...

AFCEA International Cyber Symposium (Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach.

United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, June 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information...
