skip navigation

More signal. Less noise.

Daily briefing.

The Islamic State (a.k.a. IS, ISIS, or ISIL) apparently escalates its propaganda campaign with a video calling for indiscriminate murder of "misbelievers," particularly nationals of those countries mooting an alliance against IS. While IS still seems incapable of direct action against its enemies' cyberspace presence, it's unclear how long this will continue if IS is permitted to develop its capabilities.

Russian organizations used last week's Scottish independence plebiscite as an opportunity to mount cyber attacks on the UK's North Sea oil industry — note, again, Russian interest in the Western oil and gas sector.

All Africa covers a denial-of-service attack against Nubia Reports, a news service following conflict in southern Sudan.

The cloud saw more weekend precipitation of celebrity photos, with easily-guessed security questions again implicated.

Retail security cost-benefit calculations remain difficult: Home Depot works to upgrade point-of-sale security as former insiders say it disregarded security warnings. eBay's cross-site-scripting vulnerability apparently existed for months before it was closed.

Retail isn't alone in its risk balancing act. A study suggests BYOD's productivity gains lead enterprises to accept higher security risks. Insurers continue to price cyber risks separately — and higher — than other business risks.

Microsoft gets mixed reviews for its decision to do away with its Trustworthy Computing unit as it streamlines through layoffs.

Darktrace loses its former-GCHQ-bigwig CEO as Andrew France decamps to found his own consultancy.

Israel stands up a national cyber security agency. Australia's ONA scans social media to develop intelligence on extremists. NATO seeks to advance cyber intelligence sharing.

Notes.

Today's issue includes events affecting Australia, European Union, Iraq, Ireland, Israel, Democratic People's Republic of Korea, NATO, Russia, Singapore, Sudan, Syria, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Islamic State appears to release chilling threat (USA Today) A spokesman for the Islamic State militant group has apparently released a new, chilling message threatening the U.S. and its allies

Richard Clarke's Hair Is On Fire Again (Bloomberg View) Remember Richard Clarke, the presidential counterterrorism adviser whose hair was on fire about al-Qaeda long before the Sept. 11 attacks and whose warnings of a threat from hijacked planes were ignored by the administration of President George W. Bush?

Experts Doubt ISIS Could Launch Major Cyberattack Against the U.S. (TIME) Experts say the Islamist militants' social media savvy doesn't translate into a real cybersecurity threat against the U.S

Meet the terror group in Syria that could actually threaten the US (Quartz) For all the barbarity of ISIL and the focus on the military campaign against them, security analysts say the group doesn't have the capability to directly attack the US — its threat is regional disruption. But US intelligence officials have spent the last week dropping hints about another al Qaeda off-shoot that does aim to attack Western countries at home, and it operates in ISIL's backyard

Russian cyber attack exploits Scottish independence vote (SC Magazine) UK oil firms warned to guard against new campaign as Russian malware exploits Scottish independence vote

Sudan: Hackers Attack Website That Covers Sudan's War-Torn Regions (All Africa) The website is concerned for its correspondents after the DDoS attack

Home Depot Hacked After Months of Security Warnings (Bloomberg BusinessWeek) For a retailer with 2,266 stores and $79 billion in annual revenue, buying software to protect against hackers is a good idea. Using the software is a better one

Home Depot Rushes to Deploy EMV Cards in Wake of Massive Data Theft (eWeek) Home Depot is accelerating the deployment of EMV chip-and-PIN cards, but that's little consolation to holders of 56 million payment cards exposed in a massive cyber-attack

eBay XSS password-stealing security hole "existed for months" (Graham Cluley) Last week an alarm was raised about a security hole on the eBay website which had caused at least one potential purchaser to be transported to a password-stealing scam instead of an auction page flogging an iPhone

Kim Kardashian, Vanessa Hudgens, et al. targeted in latest naked celebrity photo leak (Naked Security) Early on Saturday morning, Celebgate flooded the same sites as it did three weeks ago — 4Chan and Reddit, among others — as cybercrooks again posted nude photos allegedly of celebrities including Kim Kardashian, Vanessa Hudgens, and US soccer goalie Hope Solo

Palantir's GSA pricing info posted on Hacker News site (FCW) Federal pricing information for software and services sold by a big-data company known for its relationships with the CIA and the National Security Agency has made its way onto a social news website for hackers

Upcoming Book Charts Anonymous' Rise, From Silly Pranks to Serious Power (Wired) How did Anonymous make the leap from a rather amusing anti-Scientology society to a global protest movement whose force was felt in the highest circles of power? Well, as Anonymous anthropologist Gabriella Coleman describes it in her upcoming book on the hacking collective, Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous, it was a bit of a fluke. But it happened because of PayPal and the company's financial blockade against the whistleblowing site WikiLeaks

The Secret Lives of Hackers (Nova PBS) Hackers may not be who we think they are. In fact, you might be a hacker and not even know it. Learn the true meaning of hacking and some of the many reasons that hackers hack

Bulletin (SB14-265) Vulnerability Summary for the Week of September 15, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Security Patches, Mitigations, and Software Updates

Here are the limits of Apple's iOS 8 privacy features (CSO) Apple's new passcode-based encryption for the iPhone and iPad can be circumvented and provides only limited protection to data

Google Plans To Encrypt Android Data By Default (InformationWeek) After Apple CEO Tim Cook talks up iOS8 data security, Google says the next version of Android will shield data on devices more effectively

Cyber Trends

Cyber Alliances: Collective Defense Becomes Central To Securing Networks, Data (Forbes) When the North Atlantic Treaty Organization — NATO — wrapped up its summit in Wales earlier this month, the member-states issued a lengthy communique expressing solidarity on major defense challenges. One of the challenges mentioned was cybersecurity

Productivity Gains Trumping Security as BYOD Grows (Threatpost) More than half of organizations say that employees regularly sacrifice security in exchange for the efficiency enabled by using personal mobile devices to get work done in the office and at home. That problem seems to be compounded by survey results showing that one-third of those organizations' employees work exclusively on mobile devices

8 headline-making POS data breaches (CSO) The rash of data breaches in the US through POS terminals has many looking the to Chip and PIN model used in Europe

Cloud Usage: Risks and Opportunities Report (Cloud Security Alliance) This survey was circulated to over 165 IT and security professionals in the U.S. and around the globe representing a variety of industry verticals and enterprise sizes. The goal was to understand their perception of how their enterprises are using cloud apps, what kind of data are moving to and through those apps, and what that means in terms of risks

Cybersecurity is bigger than just computers: DBED cyber head (Technical.ly Baltimore) Jeffrey Wells spoke Wednesday to the Greater Baltimore Committee. "One of our greatest exports in the coming years will be our intellectual capital," he said

Marketplace

The Cyber Liability Shell Game (CFO) Insurers are excluding privacy risks from general-liability policies and offering companies more costly stand-alone cyber coverage

Microsoft kills off its Trustworthy Computing Group (Help Net Security) Microsoft's Trustworthy Computing Group is headed for the axe, and its responsibilities will be taken over either by the company's Cloud & Enterprise Division or its Legal & Corporate Affairs group

Microsoft closesTrustworthy Computing as part of layoff strategy (SC Magazine) In a surprise move, Microsoft has effectively closed its Trustworthy Computing (TwC) Group as part of the loss of 2,100 jobs in a restructuring plan announced late last week

Apple's Tim Cook talks privacy: 'We're not like all the others' (Naked Security) Apple has launched a new privacy website to highlight how it handles its users' privacy as well as government requests for user data

Israeli hackers 'scary talented,' says security expert (Times of Israel) Antonio Forzieri, a top executive at Symantec, praises combination of speed, knowledge, skill of Israeli cyber-experts

Siemens to create 11 new jobs as it expands security division (Silicon Republic) Siemens is to create 11 new jobs in Dublin following the transfer of its intruder detection business to Clonshaugh

Boeing to open cyber analytics centre in Singapore (Channel NewsAsia) Boeing's Cyber Analytics Centre in Singapore will help train and equip cybersecurity professionals, perform advanced analytics and serve as the company's regional cybersecurity centre of excellence

Two-Factor Authentication Startup Duo Security Raises $12 Million From Benchmark (TechCrunch) Five-year old startup Duo Security has emerged as a leader in providing secure but easy-to-use two-factor authentication technology to a fast-growing number of enterprise customers. To bolster its growth, the company has raised $12 million in Series B financing from Benchmark, and has added general partner Matt Cohler to its board

Toopher part of group winning $1.47M NIST award to pilot Secure Electronic ID, led by MorphoTrust and State of NC (Dark Reading) NSTIC grant facilitates test of security, viability and interoperability of a driver license-equivalent for online transactions

Parasoft Joins Department of Homeland Security Cyber Security Division Initiative (Sys-Con Media) Parasoft, the leading provider of software testing solutions for application security, announced during the AppSec Software Security Conference its partnership with the Software Assurance Marketplace (SWAMP), an initiative from the United States Department of Homeland Security's Cyber Security Division

Proofpoint CEO Unloads $759,000 in Stock (PFPT) (Sleek Money) Proofpoint (NASDAQ:PFPT) CEO Gary Steele sold 20,000 shares of Proofpoint stock in a transaction that occurred on Wednesday, September 17th

New CEO has big data plan for Nice Systems (Malay Mail) It's been a volatile seven months in the stock market for Nice Systems Ltd since Barak Eilam was named chief executive officer in February. First, there was a 21 per cent rally, then a 17 per cent plunge starting in mid-April

Former Cyber Spook Quits Darktrace CEO Role (Wall Street Journal) A cybersecurity company backed by former Autonomy CEO Mike Lynch has lost its CEO, a former top U.K. spy who plans to start his own consulting firm

Alert Logic Hires Kimberly Bowron as Senior Vice President of Talent Management (Broadway World) Alert Logic, a leading provider of Security-as-a-Service solutions for the cloud, today announced that it has hired Kimberly Bowron as Senior Vice President of Talent Management

Products, Services, and Solutions

Cryptomathic Delivers Security Matrix for Android Host Card Emulation (Payment Week) Android's counter-punch to the new one touch Apple Pay function which uses near-field communication technology, can be found in the cloud-based formula of host card emulation

Samsung says to employees: Go around your admin and deploy KNOX yourself (FierceMobileIT) In an apparent effort to encourage employees to go around their IT admin, Samsung is making its KNOX mobile security platform available for free directly to enterprise users who have a Samsung Galaxy S5 or a Samsung Note 4 and have access to a Microsoft Exchange ActiveSync account, the company announced on its blog

Trend Micro Releases Security Software 2015 (eWeek) The Trend Micro Security 2015 solution, aimed at consumers, is designed to resolve security and privacy issues that continue to affect Internet users

Technologies, Techniques, and Standards

IEEE standards group wants to bring order to Internet of Things (ComputerWorld) The IEEE P2413 would span IoT technologies for all industries

How to keep your contactless payments secure (Help Net Security) Contactless transactions — ranging from access control and ticketing to financial payments — emerged almost two decades ago and, since then, have become widely accepted and more diverse, now including mobile wallets, key fobs, tags or stickers for smartphones or wristbands

5 Ways To Think Outside The PCI Checkbox (Dark Reading) New PCI Council GM plans to help organizations move their practices beyond compliance mentality into risk-based security

Design and Innovation

Am I being taken advantage of during the job application test? (Ars Technica) A developer test shouldn't be a way for employers to use cheap labor

Research and Development

New Research Refines Security Vulnerability Metrics (Threatpost) Adequate security metrics have seemingly been an unattainable goal, especially when it comes to software security. Too often, organizations simply rely on vulnerability counts for flaws disclosed in an operating system or popular application as a measure of its security

Some Vulnerabilities Are Different Than Others: Studying Vulnerabilities and Attack Surfaces in the Wild (University of Maryland) The security of deployed and actively used systems is a moving target, influenced by factors not captured in the existing security metrics

Labs transferring cybersecurity to industry (Albuquerque Journal) Through the Department of Homeland Security's Transition to Practice (TTP) program, cybersecurity technologies developed at Sandia National Laboratories — and at other federal labs — now stand a better

Legislation, Policy, and Regulation

Israel Establishing National Cyber Defense Authority (Forward) Netanyahu cites 'major significance' for Jewish state's future

Spy organisation scouring social media for extremist threats (Sydney Morning Herald) Australia's peak intelligence agency is stepping up its analysis of terrorist threats including scouring social media to track extremist propaganda and recruitment efforts

NATO Steps Up Private Sector Co-operation with New Alliance (Infosecurity Magazine) The world's largest military alliance, NATO, has announced plans for a new initiative designed to bolster co-operation with the private sector on cyber security threats

CIA stops spying on friendly nations in Western Europe (AP via the Stars and Stripes) Stung by the backlash over a German caught selling secrets to the U.S. and the revelations of surveillance by the National Security Agency, the CIA has stopped spying on friendly governments in Western Europe, according to current and former U.S. officials

Can the intelligence community win back public trust? (C4ISR & Networks) Intelligence leaders are pursuing efforts to reconcile trust with the American public in the wake of damaging leaks and spying revelations over the past year, according to the head of National Security Agency

Obama's top military adviser urges new federal cybersecurity rules (Inside Cybersecurity) The federal government needs to impose carefully calibrated cybersecurity standards on the private sector but it might not happen until there is a crisis, according to Gen. Martin Dempsey, the chairman of the Joint Chiefs of Staff

Tor users could be FBI's main target if legal power grab succeeds (Naked Security) The US Department of Justice (DOJ) is proposing a power grab that would make it easier for domestic law enforcement to break into computers of people trying to protect their anonymity via Tor or other anonymizing technologies

Strengthening Our Cyber Community (White House Blog) Recently, a private-sector partner opined that it would be nice if the millions of dollars he was putting into defense wasn't defeated by a $500 tool easily rented online. It doesn't matter whether you're from a government agency, a contractor, or a retailer — no one seems to be immune to this problem

For White House Cyber Czar, Being called 'Total N00B' Just Comes with the Territory (Nextgov) Michael Daniel, the White House's cybersecurity coordinator, courted controversy last month when he gave an interview on his role setting cyber policy for the Obama administration

Senate Passes Cybersecurity Skills Shortage Bill (GovInfoSecurity) Measure aims to boost IT security employment at DHS

Top-level turnover makes it harder for DHS to stay on top of evolving threats (Washington Post) An exodus of top-level officials from the Department of Homeland Security is undercutting the agency's ability to stay ahead of a range of emerging threats, including potential terrorist strikes and cyberattacks, according to interviews with current and former officials

New Pentagon Procurement Rules Seek to Create Culture of Innovation (National Defense) The U.S. military is in a technology rut. American weaponry has ruled for decades, but that lead is at risk as countries like China continue to chip away. And although the Pentagon has far and away the world's biggest arms budget, military equipment is showing its age and efforts to modernize are sluggish at best

Litigation, Investigation, and Law Enforcement

North Korea says jailed California man sought to be 'second Snowden' (Los Angeles Times via Stars and Stripes) The California man who was sentenced to prison in North Korea last week deliberately sought to get arrested so he could meet another American imprisoned in the country, negotiate for his release and ultimately expose "the 'human rights situation" in the country after leaving jail, the nation's state-run news agency said Saturday

Microsoft judgment has far-reaching effects (BusinessDayLive) Edward Snowden's revelations about the nature and extent of the US's worldwide surveillance caused a great deal of concern among the international community, specifically about the tendency of US law enforcement agencies to completely ignore the provisions of foreign privacy laws

Apple defiant about protecting iPhone data even in the face of government warrant (FierceMobileIT) Apple will not turn over data from iPhones to the government even in the face of a warrant, the company said in its new privacy policy

DOD has 1 million contractors eligible for security clearance, but not on payroll (Washington Post) When the Government Accountability Office was looking at security clearance issues, it found a curious situation among Defense Department agencies: Some have more people eligible for clearances than they have employees

Snowden Reveal Makes Israeli Spies' Protest An American Issue (NPR) Last Friday, 43 veteran and reserve members of Israel's secretive spy organization, Unit 8200, claimed they'd been directed to spy on Palestinians for coercion purposes

MIT Students Battle State's Demand for Their Bitcoin Miner's Source Code (Wired) Four MIT students behind an award-winning Bitcoin mining tool will face off against New Jersey state authorities in court today when they attempt to fight back against a subpoena demanding their source code

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cyber Security, Meet Workforce Development (Silver Spring, Maryland, USA, October 8, 2014) Per Scholas convenes leaders in the Nation's Capital to develop a blueprint for building today's entry-level cyber security workforce

TechCrunch Disrupt Europe Hackathon (London, England, UK, October 18 - 19, 2014) For the second year in a row, TechCrunch is jumping across the pond and bringing the iconic Disrupt and our Hackathon to Europe. We're heading your way, London

Upcoming Events

St. Louis SecureWorld (, January 1, 1970) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES 2014) (Busan, Korea, September 23 - 26, 2014) The annual CHES workshop highlights new results in the design and analysis of cryptographic hardware and software implementations. CHES provides a valuable connection between the research and cryptographic...

Rock Stars of Cybersecurity (Austin, Texas, USA, September 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and...

VB2014 (, January 1, 1970) Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides...

DerbyCon 4.0 (Louisville, Kentucky, USA, September 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013...

BruCON 2014 (Ghent, Belgium, September 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical...

ROOTCON 8 (, January 1, 1970) ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis,...

INTEROP (New York, New York, USA, September 29 - October 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect...

Indianapolis SecureWorld (Indianapolis, Indiana, USA, October 1, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Larry Ponemon, Chairman and Founder of the Ponemon Institute,...

Suits and Spooks New York (, January 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...

Open Analytics Summit (Dulles, Virginia, USA, October 7, 2014) Open Analytics Summits are for Developers, Engineers, Data Scientists, CMOs, Data Analysts, CTOs, Architects, Brand Managers, and anyone passionate about open source technologies, big data, or data analytics...

MIRcon 2014 (Washington, DC, USA, October 7 - 8, 2014) MIRcon 2014 is the premier information security industry event of the year. The conference is designed to educate innovators and executives battling cyber attackers daily

Cyber Security EXPO (, January 1, 1970) Securing information, mobility, cloud, and social interaction for the modern enterprise. Disruptive technologies such as cloud computing, mobile, bring your own device (BYOD) and social media are pushing...

InfoSec 2014 (Kuala Terengganu, Malaysia, October 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu,...

Hacktivity 2014 (Budapest, Hungary, October 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in framework which is at the same time informal and informative, and sometimes...

Ruxcon (Melbourne, Australia, October 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...

Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, October 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework...

Hack-in-the-Box Malaysia (Kuala Lumpur, Malaysia, October 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia...

FS-ISAC Fall Summit 2014 (Washington, DC, USA, October 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

CYBERSEC 2014 (, January 1, 1970) CYBERSEC is a 4-day event geared toward helping you achieve your cybersecurity goals. Whether your focus is on cybersecurity management, investigation, defense, or offense we are offering specialty cybersecurity...

Black Hat Europe 2014 (, January 1, 1970) The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and...

Denver SecureWorld (Denver, Colorado, USA, October 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...

CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, October 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement...

2014 ICS Cyber Security Conference (, January 1, 1970) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications...

Hack.lu 2014 (Dommeldange, Luxembourg, October 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society

Cyber Security Summit 2014 (, January 1, 1970) Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber...

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

ToorCon San Diego (San Diego, California, USA, October 22 - 26, 2014) For hackers like you, because what could possibly go wrong?

FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, October 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while...

Dallas SecureWorld (Dallas, Texas, USA, October 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

CyberMaryland 2014 (Baltimore, Maryland, USA, October 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.

Cyber Job Fair (Baltimore, Maryland, USA, October 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals...

ekoparty Security Conference 10th edition (Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, October 30 - November 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference.This event is designed...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.