skip navigation

More signal. Less noise.

Daily briefing.

ISIS continues its information operations campaign with online threats of violence.

The Local reports that TV5Monde was exposed to hacking during a months-long phishing campaign.

Pope Francis calls the Armenian genocide "genocide" and Turkish hacktivists respond by taking down a Vatican Website. (The hacktivists' motivations are probably more Kemalist than Islamist.)

CrowdStrike claims to have deterred Hurricane Panda: the Chinese hackers bugged out of a CrowdStrike-protected network after detecting CrowdStrike's presence. The deterrence in this case involved the simple economic strategy of raising the cost of a successful attack beyond what the attackers were willing to pay.

A forthcoming study of hacking economics appears to offer defenders hope: they may be more favorably positioned to buy (then fix) vulnerabilities in the zero-day market than are cyber criminals.

Cylance's Spear research team reports that new attack vectors are open to an 18-year-old Microsoft Windows Server Message Block (SMB) vulnerability. "Redirect to SMB" attacks can compromise Windows credentials. Microsoft harumphs that, well, the vulnerability's not really as bad as all that, but enterprises should consider the Cylance findings seriously.

Internet-of-Things and industrial control system security issues continue to trouble consumers and plant managers. Schneier sees the IoT as "really bad," and Weiss reminds us of how issues posed by accidents and attacks tend to converge in risk management.

Investors continue to give close attention to the security sector: stock-picks, M&A activity, and VC funding all figure in today's news.

The US blocks sale of Intel Xeon chips to China for supercomputer upgrades.

Notes.

Today's issue includes events affecting Bangladesh, China, Colombia, Ecuador, Holy See (Vatican City), India, Iraq, Israel, Malaysia, Philippines, Palestinian Territories, Russia, Syria, Turkey, United Arab Emirates, United Kingdom, United States.

The CyberWire will be covering RSA 2015 in San Francisco next week. Look for special issues devoted to the event beginning Friday.

Cyber Attacks, Threats, and Vulnerabilities

Terrifying New ISIS Video Threatens Attack On American Soil (Refinery 29) Up to this point, the atrocities of the so-called Islamic State (or ISIS) have been restricted to the territories they control in Iraq and Syria. But, a terrifying new video released this weekend by the terror group calls for supporters to carry out a 9/11 style attack on American soil — warning of "lone wolf" terrorists who may be hiding out in Western countries.

'Phishing email' the key to hacking of TV5Monde (The Local (French Edition)) The jihadist cyber-attack against French television channel TV5Monde last week was set in motion in as far back as January, several sources with knowledge of the investigation said on Tuesday

Hackers Shut Down Vatican City Website Against Pope's Comment (HackRead) Turkish hackers shut down Vatican City official website against Pope Francis' remarks in which he used the word 'genocide' to refer to mass killings of Armenians by Turks

Google Malaysia hacked by Bangladeshi hackers (TechWorm) Google Malaysia was hacked in the wee hours today and visitors were taken to a defaced landing page

Beijing May Have Been Spying on India's Defense Industry for a Decade (Quartz via Defense One) Cyber security firm FireEye said the hackers targeted data on military operations in multiple countries China has territorial disputes with in the South China Sea

U.S. firm CrowdStrike claims success in deterring Chinese hackers (Reuters) U.S. cybersecurity firm CrowdStrike Inc said Monday it had successfully prevented a Chinese hacker group from targeting a U.S. technology firm for the first time, offering promise for other companies facing cyber attacks

Chinese Nation-State Hackers Give Up Attack Campaign (Dark Reading) It worked on Hurricane Panda. Can APT30 and other organized cyberespionage groups also be convinced that an attack campaign isn't worth the trouble?

The Economics of Persistent Cyber Attacks (Forbes) There's an arms race in information security — that much isn't news. As security companies develop better tools at detection and stopping attacks, adversaries develop better attacks. Or do they? "Just like in the physical world, you're not going to bring in Seal Team Six on every SWAT engagement you have," said Dmitri Alperovitch, co-Founder and CTO of CrowdStrike, an information security company. "You're going to bring them in to capture Osama Bin Laden because that's a target that makes more sense." The same is true with criminal hackers — they're going to start out an attack with the B-team. Or maybe even the C-team

Zero-Day Market Economics Favor Incentives for Defensive Tools (Threatpost) There's a security truism that goes something like this: Defenders must protect all machines against all vulnerabilities, while attackers need only to find one way on to a system or network

Cylance SPEAR Team Discovers Vulnerability Impacting All Versions of Windows, Including Windows 10 Preview (MarketWatch) Loophole allows attacker to gain access to login credentials; popular apps from Adobe, Apple, Box and Microsoft also impacted

18-year-old SMB vulnerability resurfaces, dozens of vendors affected (CSO) New methods expand the attack surface to applications and software beyond Windows

A new security flaw in Microsoft Windows allows hackers to steal users' login credentials: Researchers (Reuters via IBNLive) Computer security researchers said they have uncovered a new variation on an old weakness in Microsoft's Windows operating system that could theoretically allow hackers to steal login credentials from hundreds of millions of PCs

Universal backdoor for e-commerce platform lets hackers shop for victims (Ars Technica) New "drive-by login" attacks use Web stores to target specific customers

TLS certificate blunder revisited — whither China Internet Network Information Center? (Naked Security) Just under three weeks ago, we wrote about a TLS certificate blunder by a Root Certificate Authority (CA) called China Internet Network Information Center, or CNNIC for short

Alert (TA15-103A) DNS Zone Transfer AXFR Requests May Leak Domain Information (US-CERT) Misconfigured Domain Name System (DNS) servers that respond to global Asynchronous Transfer Full Range (AXFR) requests

Second-hand devices — cheaper but risky (CSO) The market for used smartphones and tablets offer opportunities for both buyers and sellers. But there are risks as well, both to individuals and the enterprise

As Ransomware Attacks Evolve, More Potential Victims Are At Risk (Threatpost) In early December, as most people were dealing with the stress of looking for the perfect holiday gifts and planning out their upcoming celebrations, police officers in a small New England town were under a different sort of pressure. The vital files and data the Tewksbury Police Department needed to go about its daily business had been encrypted and held for ransom, a scenario that is becoming increasingly common in enterprises and municipal agencies

Mobile Threat Monday: Analyzing Mint, Bitdefender Anti-Theft, Swarm, Snapchat (PC Magazine) The Security Watch team asked the penetration testing experts at Security Compass to take a look at some of our favorite apps to understand how they stack up, security-wise. One thing we learned from this exercise: there is always room for improvement

Season 5 Game of Thrones episodes leaked online (Naked Security) HBO has been mugged by its own early screeners

Five security questions you should be asking about the Apple Watch (CSO) Many security professionals are already thinking about the security implications of the Apple Watch

Bulletin (SB15-103) Vulnerability Summary for the Week of April 6, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

March 2015 Cyber Attacks Statistics (Hackmageddon) It's time to aggregate the two Cyber Attack Timelines for March 2015 (Part I and Part II) into statistics

Security Patches, Mitigations, and Software Updates

Drupal core security release window on Wednesday, April 15 (Drupal Groups) The monthly security release window for Drupal 6 and Drupal 7 core will take place on Wednesday, April 15

Rootpipe Backdoor Flaw Not Going to be Patched on Older Versions of OS X (Intego) There's bad news for Mac users who aren't planning (or aren't able) to update their copies of OS X to 10.10.3

Cyber Trends

Threat Intelligence Sharing Momentum and Needs (Network World) Government and infosec industry should build upon threat intelligence energy by focusing on education, standards use-cases, and best practices

Report: Average cost per record breached is 58 cents, discovery times are down (CSO) Report: Average cost per record breached is 58 cents, discovery times are down

Schneier on 'really bad' IoT security: 'It's going to come crashing down' (Network World via CSO) The problem will sort itself out — eventually, he says

The cost of a non-malicious control system cyber incident — more than $1Billion (Control) There is a tendency by many in the cyber security community to only care about malicious cyber attacks as opposed to unintentional cyber incidents. April 9th, 2015, the California Public Utilities Commission fined Pacific Gas & Electric (PG&E) $1.6 BILLION for the September 2010 San Bruno natural gas pipeline rupture that killed 8 and destroyed a neighborhood (there are also 28 federal criminal charges and numerous other fines and penalties). This was not a malicious cyber attack but an unintentional control system cyber incident

Political SCADA attacks on the rise — or are they? (SC Magazine) The latest Global Threat Report from Dell Security reveals that attacks against SCADA systems have doubled in the last year — with most regarded as political

Dell Annual Threat Report analyzes the most common attacks observed in 2014 and how emergent threats will affect organizations throughout 2015 (Dell) Dell report analyzes the most common attacks observed in 2014 and how emergent threats will affect organizations throughout 2015. Research shows a rise in point-of-sale (POS) malware variants and attacks against payment card infrastructures targeting retail organizations. More companies were exposed to attackers hiding in plain sight as a result of SSL/TLS encrypted traffic. Research found a 100 percent increase in attacks against industrial control (SCADA) systems

Gangs of hackers cause cyber breaches to spike 23% (USA TODAY) Organized criminal gangs of hackers got smarter, faster and more ubiquitous last year, pulling off 312 major breaches against companies. That's up 23% from the year before, Symantec's 2014 Internet threat report found

Attackers use deceptive tactics to dominate corporate networks (Help Net Security) Cyber attackers are infiltrating networks and evading detection by hijacking the infrastructure of major corporations and using it against them, according to Symantec

Takeaways From the 2015 Verizon Data Breach Investigations Report (Tripwire: the State of Security) Verizon's annual Data Breach Investigations Report (DBIR), now in its eleventh year, has become one of the most anticipated information security industry reports. Think of it as the Data Breach Bible, as it dissects thousands of confirmed data breaches and security incidents from around the globe into emergent and shifting trends, providing us with insightful guidance to apply to our own security practices

Verizon DBIR: Mobile Devices Not A Factor In Real-World Attacks (Dark Reading) New annual Verizon Data Breach Investigations Report shows most attacks affect a secondary victim, the average cost of a data breach is just 58 cents per stolen record — and attackers are not going after mobile en masse

Lax Update Policies Give Hackers an Edge (Wall Street Journal) New report by Verizon says most breaches exploit a known software bug

Are privileged users the most dangerous insider? (Help Net Security) 92 percent of healthcare IT decision makers reported that their organizations are either somewhat or more vulnerable to insider threats, and 49 percent felt very or extremely vulnerable

Survey finds younger workers make bad security choices (CSO) Biggest downsides with smartphones are tied to high-earning, younger male workers

Phishers increasingly target banks and ISP accounts (Help Net Security) Phishing against banks and ISPs rose markedly compared to other sectors in the third quarter of 2014, according to the APWG. The number of brands being attacked remains high, and malware variants continue to proliferate at record rate of increase

Enterprise Security Threat Level Directly Linked to User Demographics, Industry and Geography (BusinessWire) Aruba Networks, Inc. (NASDAQ:ARUN) is calling for businesses worldwide to take action as a new mobile security risk report reveals that businesses are ill prepared for the high-risk, high-growth mindset of the #GenMobile workforce, creating alarming disparity around security practices in the corporate world. The chasm that is exposed between age, gender, income level, industry and geographic location has a direct effect on the security of corporate data

Data Breaches Common in Health Care Industry (eWeek) More than a quarter (26 percent) of health care respondents reported that their organization had previously experienced a data breach

First Lose the "Cyber" — Then We Can Talk (Dark Matters) How can information security ever be taken seriously as an industry with people — and some professionals — using such a silly term? Cyber?

Marketplace

PANW/FEYE top Piper security checks; PFPT/FTNT/IMPV underperform (Seeking Alpha) A Q1 Piper survey of security resellers found of 54% of Palo Alto Networks (NYSE:PANW) resellers stating their sales were above plan during the quarter, the highest figure among 10 covered firms. 19% were below plan, and 27% in-line

FireEye down 3.1% in wake of 60 Minutes broadcast (Seeking Alpha) After rising 5.3% on Friday on news COO Kevin Mandia would be appearing on a Sunday 60 Minutes segment about state-sponsored cyberattacks, FireEye (NASDAQ:FEYE) is returning a chunk of its gains today

Small Cap KEYW Holding Corp (KEYW): Are the Shorts Loosing Interest? LDOS & MANT (SmallCap Network) Small cap cybersecurity stock KEYW Holding Corp (NASDAQ: KEYW), a potential peer of Leidos Holdings Inc (NYSE: LDOS) and Mantech International Corp (NASDAQ: MANT), now has short interest of 36.20% — down from 41.76% registered last December

Verint Systems: Tremendous Upside Possible (Seeking Alpha) Favorable industry tailwinds include the growth outlooks for big data analytics, cybersecurity and fraud markets. Large and diverse customer base minimizes the company's exposure to any one sector, country or region. Margins will continue expanding due to a highly scalable and capital-light business model. FX headwinds will persist going forward. DCF indicates significant undervaluation

Encryption, Innovation, and the Cyber Gold Rush (SoundCloud) New America's Peter Singer and Passcode's Sara Sorcher chat with Alex Stamos, Yahoo's chief information security officer and world renowned cybersecurity expert, about his company's new end-to-end e-mail encryption rollout, what it?s like to lead a team of "Paranoids" and why people who have his job are so stressed out

Duo Security Raises $30 Million Led By Redpoint To Protect Enterprises Against Data Breaches (TechCrunch) Duo Security, the two-factor authentication startup backed by Benchmark and Google Ventures, wants to do more to help protect companies from hackers trying to gain access to their networks. With that goal in mind, it's launching a new product to secure their networks and announcing $30 million in new funding led by Redpoint Ventures

In the wake of post-NSA mistrust, Illumio raises $100M to take its software-based security platform global (Pando Daily) Illumio has raised a $100 million Series C funding round to continue working on its software-based security platform, hire more engineers for research and development, and expand sales offices in Singapore and the United Kingdom

Security Startups Might Thank Snowden For Funding (Investor's Business Daily) The cybersecurity startup ecosystem has an unlikely benefactor: Edward Snowden. When Snowden famously exposed post-9/11 National Security Agency mass-surveillance practices in 2013, the whistleblower changed the face of the cybersecurity threat and ignited record levels of venture capital into security

FireMon promises better security for government, enterprises with Immediate Insight acquisition (Channelnomics) FireMon announced its acquisition of Immediate Insight today. According to FireMon, with Immediate Insight, the security intelligence solutions provider has added speed comparable to a search engine as well as simplified analysis to its operational security event data

IBM (IBM) Announces Acquisition of Intelligence Cloud Company, Explorys (Street Insider) IBM (NYSE: IBM) announced plans to acquire Explorys, a healthcare intelligence cloud company that has built one of the largest clinical data sets in the world, representing more than 50 million lives. The acquisition strengthens IBM's leadership position in healthcare analytics and cloud computing, and will help bolster its ability to extract and share deep insights to improve wellness and benefit patients

Symantec may flog off Veritas — but where's the CEO hunt at? (Register) PE sale instead of float on the cards

Nokia and Alcatel-Lucent holding acquisition talks (ComputerWeekly) Finnish networking supplier Nokia is holding acquisition talks with French network infrastructure firm Alcatel-Lucent

Qualcomm under pressure from activist investor to split (MicroScope) The world's largest smartphone processor maker Qualcomm is reportedly under pressure from one of its largest shareholders to spin-off one of its most profitable divisions

EMC turns to Azlan to reach more MSPs (MicroScope) It took a while for the answer to the question around the role of distribution in a cloud world to emerge but the importance of using that tier of the channel to help vendors support resellers is now being underlined on a regular basis

Report: BAE May Seek To Appoint Foreign CEO (Defense News) BAE Systems has sought approval from the British government to appoint a foreign chief executive, according to media reports here

When cyber talent isn't drawn to government, hackers run amok (Federal News Radio) In the nationwide talent grab for cybersecurity experts, new research shows federal agencies can't compete with the perks offered by top-tier companies

More & more non-profit organisations giving credence to ethical hackers (Economic Times) Apoorva Giri and Shruthi Kamath met at last year's Null conference, a meet designed to spread awareness to the public on cybersecurity. Only, the crowd was predominantly techie

Products, Services, and Solutions

AlienVault Announces More Social Threat Exchange (TechCrunch) AlienVault, a cybersecurity firm aimed at SMBs, announced the Beta of Open Threat Exchange (OTX) 2.0. The company bills it as a threat intelligence sharing platform, and the social component it has added in the latest version enables members to discuss security threats on a social network

Competing with Honeywell, Siemens and Bosch, SecurAX offers cloud-based model to enable plug-n-play security solutions (Your Story) With more information comes more power and with more power comes a greater need for security

Silect Software Announces New Real-time Compliance Monitoring Solution for Microsoft System Center 2012 Powered by HITRUST (QKEG) Silect Software Inc., a leading provider of management solutions for Microsoft System Center 2012, today announced that it has partnered with the Health Information Trust Alliance (HITRUST) and Microsoft to deliver a new real-time compliance monitoring solution that is fully integrated with Microsoft System Center 2012. The HITRUST Real-Time Compliance (RTC) Pack enables organizations to benefit from real-time, operational awareness to help enhance security and compliance

U Central Florida Enhances IT Security with Privileged Account Management System (Campus Technology) The University of Central Florida has implemented a new password management system to provide IT staff with privileged access to the enterprise systems it uses to support the campus

New Norse Intelligence Service Spots Attacks in Progress (BusinessWire) 24x7 continuous threat monitoring, alerting and analysis from Norse for extended enterprise/partner networks

Technologies, Techniques, and Standards

How the NSA Is Using the Cloud To Thwart the Next Snowden (Nextgov via Defense One) In a post-Snowden world, is it really a good idea to have analysts swimming around in one vast ocean of NSA secrets and data?

New security requirements for payment card vendors (Help Net Security) The PCI Security Standards Council (PCI SSC) has published version 1.1. of its PCI Card Production Security Requirements. The updated standard helps payment card vendors secure the components and sensitive data involved in the production of payment cards, protecting against fraud via the compromise of card materials

Hacker Lexicon: What Are Chip and PIN Cards? (Wired) Banks across the US are in the middle of rolling out a new type of secure credit and debit card to customers, while retailers are installing new card readers to process them. By October, all credit and debit card purchases must use a technology called chip and PIN or the card issuer or retailer would face fines if card data is stolen and used by thieves. The dictum comes from Visa and MasterCard in the wake of high-profile bank card breaches at Target and other businesses over the years. The new EMV, or so-called chip and PIN cards, have an embedded microchip that authenticates the card as a legitimate bank card

A quick way to tell if your PC was infected by the Simda botnet (Graham Cluley) Interpol and a variety of key players in the computer security industry have announced the takedown of the Simda botnet, believed to have infected some 770,000 PCs around the world

CoinVault ransomware decryption keys released (ZDNet) A repository of CointVault ransomware decryption keys obtained by the Dutch police from a seized server have been shared online by security company Kaspersky

How to Recover When Hackers Invade Your Email (TechZone360) Hacking is everywhere in the news these days, and for good reason: it is more prevalent and damaging than ever before. Just ask Anthem, the United States' second-largest health insurer who announced in February that it had suffered a major breach. While no electronic medical records were compromised, thieving hackers stole sensitive user information: names, addresses, and Social Security numbers. In fact, 79 million individuals' data — current and former customers, employees, and even non-customers — was stolen. The hackers believed to be responsible for the attack had been inside the Anthem system for months. Anthem left all of its user account information unencrypted, reportedly because encryption is inconvenient

Recreating the AC/DC Thunderstruck Worm with PowerShell and Metasploit (Dark Matters) About three years ago, computer workstations at two Iranian nuclear facilities allegedly began playing AC/DC's Thunderstruck at random times and at full volume. How cool would it be to use this during your next computer security pentest? Well, you can!

What is Email Encryption? (Digital Guardian) Email encryption defined in Data Protection 101, our series on the fundamentals of data security

Design and Innovation

Is DARPA's Memex search engine a Google-killer? (Naked Security) The history of computing features a succession of organisations that looked, for a while at least, as if they were so deeply embedded in our lives that we'd never do without them

My voice is my passport: Android gets a "Trusted Voice" smart lock (Ars Technica) "OK Google" voice commands can get authorization from the sound of your voice

Research and Development

Israeli Wins Top Computing Prize For Cryptography Breakthrough (Shalom Life) Stanford's Dan Boneh honored for innovations in the field of cryptography that improve computer security and privacy

Legislation, Policy, and Regulation

The UN wants to make sure we're not developing killer robots we can't control (Quartz) The United Nations has a lot of things to worry about. Famine, war, inequality, discrimination, epidemic disease… and now, reports New Scientist, the threat of autonomous robots that could destroy us on a whim

China's Growing Cyberwar Capabilities (The Diplomat) A recent attack on GitHub highlights China's growing expertise — and aggression — in cyberspace

US Gov stops Intel updating China's supercomputer (IT Pro) White House intervenes to prevent Intel sending China Xeon chips for planned upgrade

U.S. Blacklisting of China's Supercomputers May Backfire (IEEE Spectrum) When China wanted to upgrade Tianhe-2, currently the world's fastest supercomputer, it turned to U.S. chipmaker Intel. But the U.S. government has blocked Intel from helping with the tech upgrade and blacklisted several Chinese supercomputing centers over concerns for their involvement in nuclear weapons development. Experts warn that in the long run such a move may hurt the business of U.S. chipmakers and encourage China to speed up its homegrown chip development

Frenemies US and China join forces to fight cyber crime (Engadget) The US and China are going to try to work together to take on cyber criminals. The Department of Homeland Security says that the US and China "intend to establish cyber discussions" on the path to reestablishing full government-to-government cyber security discussions. The DHS and China's Ministry of Public Sector agreed to focus on cross border cyber-enabled crimes like money laundering and online child sexual exploitation. The renewed interest in cooperation is the result of DHS Secretary Jeh Johnson's visit to Beijing

IDF could unify cyber defense and offense into single branch (Jerusalem Post) As the IDF becomes increasingly dependent on digital networks for its combat capabilities, the issue of cyber security has become paramount

Mocking Ecuador's President Can Cost You Online Anonymity (Global Voices) The public battle between social media satirists Crudo Ecuador and Ecuadorian President Rafael Correa continues

Litigation, Investigation, and Law Enforcement

Colombian Hacker Gets 10 Years for Spying on FARC Peace Talks (PanAm Post) Orders to Sabotage Negotiations Came From President Uribe, Says Sepúlveda

Eighth-grader charged with felony for shoulder-surfing teacher's password (Ars Technica) The larger crime may be school administrators' poor op sec

Hacker who cloned Bill Gates's credit card is arrested in Philippines (Graham Cluley) Some criminals aim high

Pro-Palestine hackers fund charities with stolen Israeli credit cards (Daily Dot) A Muslim hacktivist group is using stolen Israeli credit cards to fund Palestinian charities, according to the group's leader. The group, known as AnonGhost, reportedly gained access to credit card credentials after hacking into dozens of Israeli websites

County prosecutor says it has no idea when stingrays were used, so man sues (Ars Technica) Cook County: We have "no way of knowing the identity of [such] criminal cases"

Net neutrality rules published, lawsuit to overturn them immediately filed (Ars Technica) After Federal Register publication, trade group for ISPs files suit

Prosecutors suspect man hacked lottery computers to score winning ticket (Ars Tecnica) Former security director may have tampered with number generator to win $14.3M

Man gets 150 months in prison for selling stolen and counterfeit credit cards (Help Net Security) A member of the identity theft and credit card fraud ring known as Carder.su was sentenced to 150 months in federal prison for selling stolen and counterfeit credit cards over the Internet. He was further ordered to pay $50.8 million in restitution

Man's social media post lands him in court (Emirates 24/7) Accused of blaspheming

An ambitious Russian court has banned 136 internet porn sites (Quartz) Vladimir Putin once said that half the internet is nothing but "porno materials." While a major academic study in 2010 found that, in reality, just 4% of websites were pornographic, it's an undisputed fact that there is indeed a lot of adult-rated material on the web

"Revenge porn" in UK now punishable by two years in prison (Ars Technica) Law also stiffens penalties for online "trolls" who cause "distress or anxiety"

Eugene Kaspersky: Standing up to bullies and why we'll never capitulate (International Business Times) Q: Why won't sharks attack lawyers? A: Professional courtesy. I overheard that joke once when I was on a flight. For some reason, it stuck with me. While it's obviously a tad harsh to tar all lawyers with the same brush, my recent encounters with legal practitioners have done little to disprove the accuracy of this joke

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

INFWARCON (Nashville, Tennessee, USA, April 28 - 30, 2015) INFWARCON takes a look at how the balance has flipped in the past 20 years in the cyber security industry. Back then, governments had the upper hand, and could not imagine that cyber criminals could ever...

Southern Africa Banking and ICT Summit (Lusaka, Zambia, April 30, 2015) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...

SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's...

ASIA (Annual Symposium on Information Assurance) (Albany, New York, USA, June 2 - 3, 2015) ASIA is an event held jointly with the 18th Annual New York State Cyber Security Conference (NYSCSC), aiming to attract researchers and practitioners alike for engaging talks about information security...

CyBit: the Computer Forensics Show (IT Security and Cyber Security) (New York, New York, USA, June 11 - 12, 2015) Cyber Security: The interdependent network of information technology infrastructures, including the internet, telecommunications networks (satellite communications), computer systems, embedded processors...

USENIX Security (Washington, D.C., USA, August 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and others specialists interested in the latest advances in the security and privacy of computer...

Upcoming Events

Cybergamut Tech Tuesday: Tor and the Deep Dark Web (Elkridge, Maryland, USA, April 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...

Cyber Security Summit: Industrial Sector & Governments (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored...

Cyber Security Summit: Fnancial Services (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective...

Cyber Security Summit: Financial Services (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective...

INTERPOL World 2015 (Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from...

Symantec Government Symposium: Secure Government: Manage, Mitigate, Mobilize (Washington, DC, USA, April 15, 2015) The annual Symantec Government Symposium is a one-day event attracting 1,500 government IT security and management professionals. The event is designed to facilitate peer-to-peer dialogue on the challenges...

Mid-Atlantic ISSA Security Conference 2015 (Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current...

Proposer's Day Conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program (Washington, DC, area, April 16, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program, in anticipation of...

INFILTRATE Security Conference (Miami Beach, Florida, USA, April 16 - 17, 2015) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.