skip navigation

More signal. Less noise.

Daily briefing.

ISIL continues to use hostages in online propaganda.

The Senate Armed Services Committee declassifies an inquiry into Chinese cyber espionage against US Transportation Command (TRANSCOM — a unified, functional combatant command in the Department of Defense) and the details aren't pretty. More than twenty advanced persistent attacks (and around thirty other intrusions) occurred between June 2012 and May 2013, with attacks largely accomplished against TRANSCOM's contractors. TRANSCOM was aware of two of them, and the Senate attributes this institutional myopia to poor information sharing on the part of pretty much everyone: TRANSCOM, contractors (and subcontractors), the FBI, other elements of the Defense Department, etc. The campaign targeted both intellectual property and military information.

IBM warns that it's seeing banking Trojans repurposed for use against other sectors.

Home Depot says it's contained the breach it sustained, and that some 56M cards were affected. The investigation is focused on self-checkout point-of-sale systems, which appear to be where the malicious code was installed.

A partial answer to the black-market value of medical records is provided, unfortunately, by a breach at a Texas insurance company. KrebsOnSecurity has found "medical records being sold in bulk for as little as $6.40 apiece" in criminal markets.

Apple releases iOS 8 and OS X 10.9.5. Microsoft struggles again with its patch process.

In industry news, layoffs at Microsoft and elsewhere are churning the IT labor market. Huawei dismisses Western security concerns as "noise around the perimeter."

TrueCrypt seems ready to reappear as "CipherShed."

New Zealand's GCSB clarifies Project Speargun.

Notes.

Today's issue includes events affecting China, European Union, Iraq, Ireland, Russia, Singapore, Syria, Ukraine, United Arab Emirates, United States.

Dateline 2014 Cyber Security Summit

New York City Cyber Security Summit (CyberSummitUSA) The Cyber Security Summit is an exclusive conference series connecting C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts

Cyber Attacks, Threats, and Vulnerabilities

New Islamic State Video Features British Hostage as Group Spokesman (New York Times) The Islamic State released the latest in a series of propaganda videos on Thursday, a slickly produced introduction to what it promised would be a multipart series on the group and the folly of efforts by the United States to fight it

Chinese Penetrate TRANSCOM Amid Lack of Data Sharing (Threatpost) Hackers allegedly affiliated with the Chinese government compromised the computer networks of the United States Transportation Command, the group tasked with providing air, land and sea transportation services to the Department of Defense, according to the findings of a Senate Armed Services Committee investigation

Chinese hacked U.S. military contractors, Senate panel finds (Reuters) Hackers associated with the Chinese government have repeatedly infiltrated the computer systems of U.S. airlines, technology companies and other contractors involved in the movement of U.S. troops and military equipment, a U.S. Senate panel has found

US Military In The Dark On Cyberattacks Against Contractors (Dark Reading) A lack of communication between military contractors and government agencies about Chinese cyber espionage attacks is revealed in a new Senate report

Charges of China's military hacking into corporate America piling up (Ars Technica) US appears powerless to bring Chinese soldier hackers to justice

Cyber espionage carries high cost to U.S., expert says in Las Cruces talk (Las Cruces Sun-News) In 2003, Chinese cyber espionage of the U.S. Department of Defense computer system led to a theft of data equal to 20 percent of all the information stored in the Library of Congress, Joel Brenner told those attending the Domenici Public Policy Conference on Thursday in Las Cruces

IBM warns over proliferating use of banking Trojans in enterprise attacks (Computing) Banking Trojans are increasingly being used to launch cyber attacks on organisations because of the proliferation of such malware on PCs around the world

Home Depot: 56M Cards Impacted, Malware Contained (KrebsOnSecurity) Home Depot said today that cyber criminals armed with custom-built malware stole an estimated 56 million debit and credit card numbers from its customers between April and September 2014. That disclosure officially makes the incident the largest retail card breach on record

In Home Depot Breach, Investigation Focuses on Self-Checkout Lanes (KrebsOnSecurity) The malicious software that unknown thieves used to steal credit and debit card numbers in the data breach at Home Depot this year was installed mainly on payment systems in the self-checkout lanes at retail stores, according to sources close to the investigation. The finding could mean thieves stole far fewer cards during the almost five-month breach than they might have otherwise

eBay takes flak for leaving rigged iPhone listing up for 12 hours (Naked Security) On Wednesday, a redirect attack was discovered on the auction site, working to grab customers' credentials on a spoofed eBay site

Medical Records For Sale in Underground Stolen From Texas Life Insurance Firm (KrebsOnSecurity) How much are your medical records worth in the cybercrime underground? This week, KrebsOnSecurity discovered medical records being sold in bulk for as little as $6.40 apiece. The digital documents, several of which were obtained by sources working with this publication, were apparently stolen from a Texas-based life insurance company that now says it is working with federal authorities on an investigation into a possible data breach

Beware Apple ID phishing and free iPhone 6 scams (Foursys Blog) In the next few days, those people who have been queueing outside Apple stores in their pyjamas or were lucky enough to survive the avalanche of online pre-orders, will have their paws on a shiny new Apple iPhone 6 or its big brother, the iPhone 6 Plus

Tech firm tries to pull back curtain on surveillance efforts in Washington (Washington Post) As a black sedan pulled into downtown Washington traffic earlier this week, a man in the back seat with a specially outfitted smartphone in each hand was watching for signs of surveillance in action. "Whoa, we've just been hit twice on this block," he said, excitement rising in his voice, not far from FBI headquarters

Cyber security and the electric grid — it IS a problem (Control) Politico had an article, "U.S. grid safe from large-scale attack, experts say". Digital Bond had a discussion on the article. Enclosed is my response as I don't believe the "experts" understand the issues including Aurora

Security Patches, Mitigations, and Software Updates

Apple Releases Security Updates for iOS, Apple TV, and Xcode (US-CERT) Apple released security updates for iOS devices, Apple TV, and Xcode to address multiple vulnerabilities, some of which could allow attackers to execute code with system privileges or cause an unexpected application termination

Apple ships a sevenfold security surprise, including iOS 8 and OS X 10.9.5 (Naked Security) Apple doesn't have Patch Tuesdays, but it does have Update Surprisedays

Is Enterprise IT Security Ready For iOS 8? (Dark Reading) Apple bakes in more security features, but iOS 8 won't come without security ops headaches

Microsoft patch system seriously flawed — withdraws more updates (myce) A week after the release of a security update for Microsoft Lync Server, the software giant yesterday decided to withdraw a patch for the software. Lync Server (previously known as Microsoft Office Communications Server) is a real time communication platform for enterprises and used for e.g. instant messaging and video conferences. A security update for Lync Server which Microsoft released last week caused issues and has been withdrawn

Google to turn on encryption by default in next Android version (IDG via CSO) Google is turning on data encryption by default in the next version of Android, a step that mirrors broad moves in the technology industry to ensure better data security

Cyber Trends

Big data security analytics still immature, say security experts (ComputerWeekly) While big data security analytics promises to deliver great insights in the battle against cyber threats, the concept and the tools are still immature, according to a panel of security experts

Cyber crime wake-up call (MicroScope) Mounting levels of cyber crime and industrial espionage are sounding a long-awaited and much- needed wake-up call in the ears of corporate executives

Cybercrime in 2025: Where do you go when there's nowhere to hide? (GMA Network) Imagine a world where your house can talk to you, your car drives itself, and even your refrigerator knows what you eat

The state of document security in a post-Snowden world (TechRadar) Sharing sensitive data can be a tricky business

Netskope exposes cloud data fears (MicroScope) No matter how hard the cloud industry does its best to reassure customers over data security issues users continue to have doubts that those hosting their sensitive information are going to be able to protect it

White House: Internet not Borderless, but Lacking Interior (Threatpost) In an afternoon keynote address at the Billington Cybersecurity Summit yesterday, Michael Daniel, a special assistant to the president and White House Cybersecurity Coordinator, refuted the common sentiment that the Internet is difficult to defend because it is borderless. To the contrary, Daniel explained that the border is everywhere on the Internet, and what is really lacking is an interior

V3 Security Summit: Skills gap puts the future of UK cyber security at risk (V3) The latest manifesto from TechUK indicates a need to address both the digital skills gap and improve cyber security, otherwise the future of the UK's technology industry may be at risk

3 out of 4 Internet users in Singapore concerned about social network privacy (MIS Asia) More than half of respondents (almost 66 percent) in Singapore are not protected on their mobile devices and personal computers

Marketplace

Microsoft closing standalone Trustworthy Computing group, folding into other units (Geekwire) Microsoft will shutter its standalone Trustworthy Computing group, folding elements of the unit's work on security, privacy and related issues into its Cloud & Enterprise Division, and its Legal & Corporate Affairs group

Growing IT layoffs add to recruiter feeding frenzy (FierceCIO) As reported by FierceCIO last Thursday, news that Microsoft will lay off close to 18,000 workers caught even the most critical analysts off guard, with the media now scrambling to figure out what it all means for the tech giant. But one thing that was immediately agreed to is that the announcement means 'open season' for recruiters

Western security concerns are 'noise on the periphery' says Huawei exec, as firm looks to impress CIOs (Computing) Chinese telecommunications firm Huawei regards security questions surrounding its products as "noise on the periphery", saying that CIOs are more interested in hearing about how Huawei can benefit their organisations

Raytheon Ready for Acquisitions? (Barron's) The contractor will be in a net cash position for the first time since 2010

Desmond invests in cyber security firm (Irish Times) Vahna said it received "significant investment" from IIU in order to fund expansion

Larry Ellison Steps Down: Succession Done Well (LinkedIn) Founders always have a very hard time giving up their roles as CEO

David Keffer Named EVP, CFO at SRA (GovConWire) David Keffer, formerly corporate controller at SRA International, has been promoted to executive vice president and chief financial officer and will be in charge of the company?s financial functions and operations

Why CSO pay is too low in San Francisco, New York (CSO) CSOs get paid more in San Francisco and New York, but they can live better in Chicago and Denver

Products, Services, and Solutions

TrueCrypt Getting a New Life (eSecurity Planet) TrueCrypt will stay alive, thanks to devotees who are forking the encryption program's code. 'Cleaned up' code will get a new name, CipherShed, and a different open source license

How two "holy grails" of cryptography can make the cloud safe everywhere (Quartz) The cloud can be a scary place, whether you're a celebrity with risqué photos or a bank with $10 billion in assets

In-depth: How CloudFlare promises SSL security — without the key (Ars Technica) CEO shares technical details about changing the way encrypted sessions operate

Brit corrals heavyweight capacity for cyber launch (Insurance Insider) Brit Insurance has put together a $250mn consortium, including capacity from Berkshire Hathaway, to write a new cover to protect critical infrastructure against cyber attacks, The Insurance Insider can reveal

McAfee, Symantec Join Cyber Threat Alliance (eWeek) Fortinet, McAfee, Palo Alto Networks and Symantec will dedicate resources to determine the most effective mechanisms for sharing advanced threat data

DigiCert Releases Tool to Simplify SHA-2 Migration for System Administrators (MarketWired) DigiCert, Inc., a leading global Certificate Authority and provider of trusted identity and authentication services, today released a free tool which helps system administrators analyze their use of SHA-1 hashing algorithms across all domains and subdomains

FireEye and Mandiant Unite to Deliver Industry's First Global Security as a Service Solution (Dark Reading) Introduces next generation Threat Intelligence Suite for deeper insights into cyber attacks

Alert Logic Launches UK Datacenter, Provides Enhanced Data Protection to European Customers (PRNewswire) Alert Logic, the leading provider of Security-as-a-Service for the cloud, has announced the completion of its European Datacenter, now generally available for partners and customers

LabTech Software, Thycotic Unveil Password Management Integration (MSPmentor) LabTech Software says new integration with Thycotic Secret Server streamlines connectivity to shared credentials

Sookasa's Dropbox Encryption Solution Named by Blog HIPAA as One of "5 Key Tools to Help Achieve HIPAA Compliance" (PRWeb) Blog HIPAA chooses Sookasa's Dropbox Encryption Solution as top tool to enable healthcare organizations achieve HIPAA compliance in the cloud

Simply Secure aims to make security technology usable (Help Net Security) Just two days after they joined a collaboration that will focus on making open source "easier for everyone," Google and Dropbox have announced that they will be working together on another initiative: Simply Secure

Technologies, Techniques, and Standards

5 Ways To Monitor DNS Traffic For Security Threats (Dark Reading) Check out these examples of how to implement real-time or offline traffic monitoring using common commercial or open source security products

Is a Remote-Wipe Policy a Crude Approach to BYOD Security? (CIO) While the capability to remotely wipe data from lost or stolen mobile phones may help CIOs sleep at night, it may be an outdated approach to BYOD security

How to change Safari's default search engine in iOS 8 for greater privacy (We Live Security) If you're one of the many millions of iPhone and iPad users who managed to successfully upgrade to iOS 8 overnight congratulations

Persistence tech offers layered approach to security (GCN) Faced with the complex trifecta of workforce mobility, increased connectivity and regulatory compliance, government IT leaders are managing a delicate juggling act in today's intricate security and regulatory environment

Free tool simplifies SHA-2 migration for system administrators (Help Net Security) DigiCert released a free tool which helps system administrators analyze their use of SHA-1 hashing algorithms across all domains and subdomains and map out a path for SHA-2 migration

Academia

UAE student hackers put to the test (National) The task seemed malicious: to see which of 11 teams of student hackers could breach the security systems of a model town

Student Competitors Learn To Foil Cyber Attacks (Huffington Post) Like every respectable geek, I remember my first personal computer

Legislation, Policy, and Regulation

GCSB clarifies 'Project Speargun' (Stuff) The Government Communications Security Bureau has tightened its defence over claims of mass surveillance by confirming the term "Project Speargun" was used to describe an abandoned element of a proposed cyber defence system

US Official: Chinese Want NSA Cyber Schools. Really. (Nextgov) Chinese universities are welcome to adopt the U.S. National Security Agency's cyber education program, the top U.S. computer security education official said, after a recent trip to Beijing

'Need To' Declassify More Cyber Attacks: NSA Deputy Ledgett (Breaking Defense) The deputy director of the National Security Agency said today that the Intelligence Community should declassify the existence of more cyber attacks to improve the agency's ability to mobilize the private sector and to get help when needed

Is NSA Planning to Beef Up Cyber Response Capabilities? (Nextgov) Adm. Michael Rogers, commander of U.S. Cyber Command and director of the National Security Agency, said the Obama administration's controversial spying programs have not cost the country friends or allies either in the technology industry or abroad. Indeed, the agency shows no signs of slowing down at all

GAO: DHS needs a better approach to assess vulnerabilities in critical infrastructure (FierceHomelandSecurity) Congressional investigators said the Homeland Security Department needs a better way to consistently assess vulnerabilities in critical infrastructure despite conducting thousands of reviews in recent years

Audit finds numerous IT-related security problems for DHS agencies at airport (FierceHomelandSecurity) An internal audit found that the Homeland Security Department's IT systems and assets at Dallas-Fort Worth International Airport had inadequate security measures, which could potentially be exploited or compromised

Identifying regulatory gaps in big data difficult, says FTC panel (FierceGovernmentIT) Once reserved for scientific studies, big data is now regularly used by corporations to analyze information about consumers — and privacy experts say these emerging practices raise tough policy questions

Federal Inaction Breeds ID Theft, Says Frank Abagnale (InformationWeek) Onetime "Catch Me If You Can" swindler turned anti-fraud consultant says identity theft is "4,000 times easier" than when he was living a life of crime

Litigation, Investigation, and Law Enforcement

NSA Director Implies ISIL Intel Estimates Could Have Been Better (Breaking Defense) How well did the American Intelligence Community do in its most fundamental job: providing strategic warning of war and major strategic events to the president when it came to Russia's invasion of Ukraine and ISIL's invasion of Iraq?

Intelligence chief says Snowden leaks created 'perfect storm' (The Hill) Edward Snowden's national security leaks have created a "perfect storm" degrading the intelligence community?s capabilities, Director of National Intelligence James Clapper said Thursday

No, Apple probably didn't get new secret gov't orders to hand over data (Ars Technica) Rare warrant canary vanished, likely due to new 2014 Justice Dept. guidelines

Europe Seeks A Common Appeals Process For The 'Right To Be Forgotten' (TechCrunch) Data protection regulators in Europe are working on creating a common set of guidelines for handling appeals by individuals whose requests to search engines to de-index personal information, under the region's recent right to be forgotten ruling, have been refused

Rape victim's lawsuit shows the limits of website immunity law (Ars Technica) Judge: CDA Section 230 isn't "all purpose get-out-of-jail-free card" for websites

Exclusive: NSA Won’t Say If Official's Spouse Does Business With The Agency (BuzzFeed) A powerful National Security Agency official involved in the controversial domestic surveillance program is married to an executive at a company that appears to be doing or seeking business with the agency. The executive also registered an intelligence business at the couple’s home. The NSA says it has a strict ethics policy

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cloud Security Alliance Congress 2014 (, January 1, 1970) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will...

ICS-ISAC Fall Conference (Atlanta, Georgia, USA, September 17 - 20, 2014) Cybersecurity issues — such as the DHS release of Operation Aurora information; legislation like CISA (S. 2588), CIRDA (H.R. 2952) & H.R. 3696; and the NIST Cybersecurity Framework — can leave...

Dutch Open Hackathon (Amsterdam, the Netherlands, September 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation

St. Louis SecureWorld (, January 1, 1970) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES 2014) (Busan, Korea, September 23 - 26, 2014) The annual CHES workshop highlights new results in the design and analysis of cryptographic hardware and software implementations. CHES provides a valuable connection between the research and cryptographic...

Rock Stars of Cybersecurity (Austin, Texas, USA, September 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and...

VB2014 (, January 1, 1970) Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides...

DerbyCon 4.0 (Louisville, Kentucky, USA, September 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013...

BruCON 2014 (Ghent, Belgium, September 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical...

ROOTCON 8 (, January 1, 1970) ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis,...

INTEROP (New York, New York, USA, September 29 - October 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect...

Indianapolis SecureWorld (Indianapolis, Indiana, USA, October 1, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Larry Ponemon, Chairman and Founder of the Ponemon Institute,...

Suits and Spooks New York (, January 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...

Open Analytics Summit (Dulles, Virginia, USA, October 7, 2014) Open Analytics Summits are for Developers, Engineers, Data Scientists, CMOs, Data Analysts, CTOs, Architects, Brand Managers, and anyone passionate about open source technologies, big data, or data analytics...

MIRcon 2014 (Washington, DC, USA, October 7 - 8, 2014) MIRcon 2014 is the premier information security industry event of the year. The conference is designed to educate innovators and executives battling cyber attackers daily

Cyber Security EXPO (, January 1, 1970) Securing information, mobility, cloud, and social interaction for the modern enterprise. Disruptive technologies such as cloud computing, mobile, bring your own device (BYOD) and social media are pushing...

InfoSec 2014 (Kuala Terengganu, Malaysia, October 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu,...

Hacktivity 2014 (Budapest, Hungary, October 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in framework which is at the same time informal and informative, and sometimes...

Ruxcon (Melbourne, Australia, October 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...

Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, October 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework...

Hack-in-the-Box Malaysia (Kuala Lumpur, Malaysia, October 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia...

FS-ISAC Fall Summit 2014 (Washington, DC, USA, October 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

CYBERSEC 2014 (, January 1, 1970) CYBERSEC is a 4-day event geared toward helping you achieve your cybersecurity goals. Whether your focus is on cybersecurity management, investigation, defense, or offense we are offering specialty cybersecurity...

Black Hat Europe 2014 (, January 1, 1970) The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and...

Denver SecureWorld (Denver, Colorado, USA, October 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...

CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, October 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement...

2014 ICS Cyber Security Conference (, January 1, 1970) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications...

Hack.lu 2014 (Dommeldange, Luxembourg, October 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society

Cyber Security Summit 2014 (, January 1, 1970) Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber...

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

ToorCon San Diego (San Diego, California, USA, October 22 - 26, 2014) For hackers like you, because what could possibly go wrong?

FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, October 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while...

Dallas SecureWorld (Dallas, Texas, USA, October 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

CyberMaryland 2014 (Baltimore, Maryland, USA, October 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.

Cyber Job Fair (Baltimore, Maryland, USA, October 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals...

ekoparty Security Conference 10th edition (Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, October 30 - November 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference.This event is designed...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.