skip navigation

More signal. Less noise.

Daily briefing.

Debate continues over the recent American Enterprise Institute warning of Iranian cyber offensives against US interests.

"Unnamed US officials" are telling journalists that intrusion into US State Department and White House networks was "far more intrusive and worrisome than has been publicly acknowledged." The hack is generally believed to have been the work of the Russian security services, although the White House itself continues to resist this attribution. (Tripwire's Melacon, commenting on the episode, notes that, whoever was in the networks, once they're there and have established persistence, it's tough to evict them.)

SourceDNA warns (via Ars Technica) that some 25,000 iOS apps are vulnerable to man-in-the-middle attacks. The vulnerability affects apps using any version of AFNetworking earlier than version 2.5.3.

Parties unknown are making a run at SIGAINT, a darknet service designed to provide journalists with private email. At least seventy bad Tor exit nodes have been established.

Open-source Wi-Fi security program wpa_supplicant is discovered to suffer from a buffer overflow vulnerability.

Websense employees are being phished in the wake of their company's acquisition by Raytheon. The poor usage and weak syntax will fool few of them, but the campaign is a good reminder of what bogus email looks like.

"Operation Green Rights" hacktivists, who claim Anonymous affiliation, disrupt the Thirty Meter Telescope website. The hacktivists don't want them building on Hawai'i's Mauna Kea.

The cyber sector continues to struggle with estimating data-breach financial losses.

BAE prepares to divest itself of units offering services to the US Intelligence Community.

Notes.

Today's issue includes events affecting Canada, China, Germany, Iran, Israel, Nigeria, Romania, Russia, Slovakia, United Kingdom, United States.

Dateline RSA

RSA Conference 2015 in retrospect (Naked Security) It's the week after the week before, which means the RSA Conference 2015 in San Francisco is over

166816 (Z66816): A post-RSA Conference recap (CSO) Sadly, people want blinking boxes and default credentials

Luminaries Discuss Hot Security Trends, From Clouds to Hacks, at RSA (eWeek) The 2015 RSA Conference from April 20 to 24 brought in more than 30,000 attendees to the Moscone Center here. At every RSA conference, the keynote speakers are a big draw, and the 2015 event was no exception

Slideshow: RSA 2015 delivers insight on breaches, threat intelligence (Dell Power More) The RSA Conference in San Francisco, held April 20-24, brought stimulating discussion on topics such as threat intelligence, privacy and cloud security

RSA Conference: End of Show Report (Tenable Blog) Over this past week, I attended both the Security B-Sides conference and the RSA Conference in San Francisco. Armed with camera and microphone, I interviewed over 100 security experts about the best advice they ever received on cloud security, the scariest thing they've ever seen on a network, and how they answer the CEO when he asks, "How secure are we?"

RSA Changing Internally Along With Rest of Security World (eWeek) Here are some of the key points eWEEK noted following RSA Security 2015, the largest security conference in the world

Cybersecurity At RSA: All About The Tools, No Trouble? (Forbes) You could tell by the din that the RSA Conference in San Francisco this week is the largest enterprise IT security confab in the world. The fact that several prominent breaches over the last year have shaken the C-suite out of its ostrichlike complacency clearly turned the volume up on this show all the way to eleven. So now money seems to be flowing into IT security like never before, adding to the commotion

At cybersecurity gathering, the White House steps up charm offensive (Christian Science Monitor Passcode) US government officials ventured to the West Coast to win over the security community and business leaders as Internet security proposals make their way through Congress

The DHS brings its infantile, cyber-fantasy world to RSA 2015 (ZDNet) In his RSA 2015 keynote on national cybersecurity threats, Homeland Security head Jeh Johnson told an audience of cybsersecurity experts something so wildly impossible, it almost went unnoticed

NSA Surveillance Since Snowden Revelations is Strong as Ever, According to RSA Attendees (Street Insider) Thycotic, a provider of smart and effective privileged account management solutions for global organizations, today announced the results of a survey of 202 RSA Conference 2015 attendees conducted between April 20th and 21st in San Francisco, which found that 94% of surveyed attendees feel that the NSA's surveillance of U.S. citizens has increased or remained the same since Edward Snowden leaked classified information from the agency in June 2013

It Started With a Hack: How an NSA Director Became a Four-Star General (eWeek) At the RSA Conference, retired Gen. Keith Alexander, a former NSA director, had a message for Edward Snowden and a plan for a new security startup

Understanding Global Differences in Data Breach Laws Critical to Incident Response (SecurityWeek) Examine the Ponemon Institute's '2014 Cost of Data Breach Study' and it becomes clear there is a vast difference in the costs of dealing with a data breach in different parts of the world

New Threats Range From 'Dribbling Breached Data' to IoT and Toys (eWeek) Researchers highlight some newer threats and security trends such as "dribbling breached data," which refers to the incremental release of hacked data

RSA Conference 2015: Prepare for the IoT before it's too late, Sorebo warns (SC Magazine) The law of unintended consequences on the Internet will only get worse with the explosion in the number of connected devices. That's according to Gib Sorebo, chief cyber-security technologist at Leidos, who addressed a session at the RSA conference session, "Managing the Unmanageable: A Risk Model for the Internet of Things"

NINETY PER CENT of Java blackhats migrate to footling Flash (Register) Patch-or-die policy makes net scum move on to softer target

RSA 2015: In the healthcare industry, security must innovate with business (SC Magazine) The cost per healthcare record stolen in a data breach in 2014 was $359, a figure that Frank Kim, CISO with the SANS Institute and former executive director of cyber security with Kaiser Permanente, said he found alarming

Long-duration advanced persistent threat attacks now the norm, say experts (TechTarget) Threat experts at RSA Conference 2015 say today's most dangerous attack techniques reflect a shift toward long-duration attacks that are often nearly impossible to detect

Clarity needed to cultivate next-gen cybersecurity workforce (TechTarget) Millennials are reportedly the key to remediating the cybersecurity workforce shortage, but the up-and-comers lack clarity into what the job entails — and whether or not they are ready for the challenge

Huawei unveils FireHunter Sandbox product at RSA 2015 (Telecompaper) Huawei unveiled its new FireHunter Sandbox at RSA Conference 2015. Designed to prevent advanced persistent threat (APT) attacks, the New FireHunter Sandbox can detect and report up to 99.5 percent of "grey" traffic in through local and cloud techniques such as reputation scanning, behavior analysis, and big data correlation

Pwnie Express Sets Its Sights on the Enterprise (eWeek) Pwnie Express is a company that is well-known in the security researcher community for its hardware-based penetration testing tools. Now, the company is positioning itself to go into the broader enterprise market as a product and services vendor that can help organizations find rogue devices and reduce the risk for attacks

Automate root cause prevention of network compromise (Help Net Security) FireMon announced at RSA Conference 2015 significant advancement of its core platform through the introduction of Security Manager 8.0, which leverages highly automated analysis and monitoring of security infrastructure to identify and resolve emerging gaps in network defense

Centrify launches cloud-based privileged identity service (Help Net Security) At RSA Conference 2015 Centrify Corporation announced the launch of Centrify Privilege Service (CPS), a cloud-based identity management solution that addresses today's growing gap in security, visibility and control over privileged accounts

Monitoring user activity in proprietary business-critical apps (Help Net Security) Fortscale Security announced at RSA Conference 2015 that it's extending its User Behavior Analytics (UBA) solution to offer visibility into user activity in proprietary business-critical applications

Protecting identities from the endpoint to the cloud (Help Net Security) At RSA Conference 2015, RSA launched the RSA Via family of Smart Identity solutions, engineered to combine authentication, identity and access management, and identity governance silos into one unified solution that allows dynamic, end-to-end identity management across diverse systems and users

And the most entertaining security blog is… (Graham Cluley) I'm deeply honoured to announce that this site has been recognised at the RSA Security Blogger Awards, held last night in San Francisco

Naked Security wins Best Corporate Blog at RSA (Naked Security) I'm so happy to say we've done it again! For the fifth year running, we've won an award at the Security Blogger Awards which takes place at the RSA Conference in San Francisco

Cyber Attacks, Threats, and Vulnerabilities

Iranian cyberwar is a US right wing myth (Fudzilla) Claims that Iran has been conducting a cyberwar against the United States have been greatly exaggerated by US conservatives

Obama's emails accessed in White House breach, say officials (ComputerWeekly) Hackers were able to access confidential emails of US president Barack Obama when they breached White House computer networks in late 2014, according to officials

Critical HTTPS bug may open 25,000 iOS apps to eavesdropping attacks (Ars Technica) Just when you thought it was safe to use AFNetworking apps, a new threat emerges

70 bad exit nodes used in attack against Tor-based SIGAINT (Help Net Security) Darknet email service SIGAINT, which aims to provide email privacy to journalists, has been targeted by unknown attackers using at least 70 bad exit nodes, the service's administrator has shared on the tor-talk mailing list on Thursday

Wi-Fi security software chokes on network names, opens potential hole for hackers (Naked Security) A bug has just been announced in an open source program called wpa_supplicant

Bad Actors Target Websense Employees in Wake of Raytheon Deal (Infosecurity Magazine) On Monday, April 20, Raytheon and Websense announced a new venture, outlining the defense industry contractor's planned acquisition of 80% of the internet security firm. By Thursday, April 23, emails with the subject "Welcome to join Raytheon!" started landing in Websense employee mailboxes, signaling the kickoff of an ambitious attack

IBM Blocks 'Bar Mitzvah' Attack In SSL/TLS (IT Jungle) IBM recently issued a security bulletin for a newly discovered security vulnerability — a weak cryptography algorithm in the SSL/TLS protocol stack — hat could allow hackers to steal data. That vulnerability was dubbed the "Bar Mitzvah Attack" by the security researcher who discovered it because it uses a 13-year-old weakness in the RC4 algorithm

Angriffe via Google AdSense Werbebanner: In den Fängen der Cyberattacken (Monitor) Angreifer haben das Google AdSense Werbenetzwerk zur Verbreitung von Schadprogrammen an Millionen Internetnutzer missbraucht. Erfolgreich abwehren konnte diese Attacken der G Data Exploit-Schutz. Grund für die Angriffe war ein kompromittierter Zulieferer für das Werbenetzwerk

Hawaii's Thirty Meter Telescope Website Suffers Temporary Disruption From Cyberattack (International Business Times) The main website of the Thirty Meter Telescope (TMT), the organization trying to build one of the world's largest telescopes on the peak of Mauna Kea on Hawaii's Big Island, was temporarily disrupted by a cyberattack on Sunday, authorities reportedly said. The website, which was running normally by Sunday evening, was down for about two hours

Oil, gas operators could be vulnerable to hackers (Sentinel) In the vast network of data, drilling and pipes that's made Marcellus shale an international energy reserve, computer attacks pose a serious threat. Hackers target energy companies all the time because of the information and technology involved, but the public rarely hears about it, said Paul Kurtz, CEO of TruSTAR Technology

UK rail signals could be hacked to cause crashes, claims prof (Register) He's also flogging anti-hack tech. Make of that what you will

Bulletin (SB15-117) Vulnerability Summary for the Week of April 20, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Security Patches, Mitigations, and Software Updates

Microsoft acknowledges — but doesn't fix — KB 3038314 installer fail with error 80092004 (InfoWorld) However there's still no admission that MS15-032 blocks the installation of search providers

Cyber Trends

The hotly disputed black magic of data breach cost estimates (Fortune) A single stolen customer record costs probably somewhere between $0.58 and $201. What's the best model?

Bitcoin virtual currency losing appeal for cyber-thieves (Thai Tech) Cyber-currency bitcoin is becoming much less attractive to cyber-criminals and hackers, claims a security expert. The anonymity of the virtual cash has in the past made it a favourite with cyber-thieves who blackmail victims with all manner of viruses. Now, hi-tech gangs are quickly converting payments into other currencies, according to IBM security expert Etay Maor in a recent interview

Awareness Grows for File Transfer Security, But Still Work to Do (Infosecurity Magazine) Security awareness when it comes to file-sharing via services like Dropbox is beginning to escalate, even in verticals where compliance requirements are less of a hallmark. But the healthcare industry still has a lot of work to do

What's Your Security Maturity Level? (KrebsOnSecurity) Not long ago, I was working on a speech and found myself trying to come up with a phrase that encapsulates the difference between organizations that really make cybersecurity a part of their culture and those that merely pay it lip service and do the bare minimum (think '15 pieces of flair'). When the phrase "security maturity" came to mind, I thought for sure I'd conceived of an original idea and catchy phrase

With ransomware on the rise, cryptographers take it personally (IDG via CSO) Some of the world's leading cryptographers are concerned about the increasing number of malicious programs that hold computers and mobile phones to ransom, in many cases by abusing the encryption algorithms they designed

Marketplace

Hack attacks 'discourage' investment in targeted companies (IR Magazine) Fewer than 50 percent of boards have skills needed to deal with cyber-security, KPMG study shows

BAE spies its window of opportunity for sell-off (Times) BAE Systems is to sell off a fifth of its American operations that provide support for the CIA, the FBI and the Pentagon and intelligence back-up for the US military

Sophos founders to share £250m from upcoming flotation (Telegraph via Yahoo! Finance) Jan Hruska and Peter Lammer still own around a quarter of the cyber security business they founded 30 year ago

How this Security Startup Joined the Unicorn Club (Alley Watch) The recent cyberattacks on Target, Sony, Anthem, eBay, JPMorgan and Home Depot all share a common trait: They overpowered the very technology designed to stop them. Same situation with the 2014 Heartbleed bug, a major security vulnerability that left numerous websites open to data theft

Steve Wadey Joins QinetiQ as New Chief Executive Officer (twst.com) QinetiQ has welcomed its new Chief Executive Officer (CEO), Steve Wadey, who joined the company today

Neustar Hires Mark Tonnesen as CISO; Lisa Hook Comments (GovConWire) Mark Tonnesen, formerly an executive consultant at MapMyID, has joined Neustar Inc. (NYSE: NSR) as chief information and security officer

Products, Services, and Solutions

LogRhythm Named Best SIEM Solution by SC Magazine Readers at 2015 SC Awards Event (MarketWatch) Company's Security Intelligence and Analytics Platform recognized as best industry solution

Technologies, Techniques, and Standards

Don't count on people to prevent data breaches (CIO) As malware gets more sophisticated and hostile, columnist Rob Enderle says we can't always count on people to do the right thing. He offers his plan to deal with the weak link

We're stuck with passwords: Here's how to make them work better for you (ZDNet) Because no matter how many times they tell you that passwords are passe, you're still going to be using them for the rest of your life

Design and Innovation

The invasion of biometrics (Help Net Security) Depending on where you stand biometrics is a good thing or something that is downright sinister. The truth is that to a degree biometric technologies have a valid and useful purpose but also have the potential to be invasive to a degree never before known to humankind

Research and Development

L'ordinateur quantique du futur doit encore émerger des limbes (La Tribune) Promis à surpasser en puissance les supercalculateurs actuels, l'ordinateur quantique s'apprête à générer un marché énorme. Mais jusqu'ici, seule la start-up canadienne D-Wave a vendu deux machines qu'elle dit «quantiques ». La communauté scientifique reste dubitative

Academia

IBM and STU found research centre (Slovak Spectator) IBM company, together with the Slovak University of Technology in Bratislava (STU) and the DWC Slovakia company are preparing a project to found a research centre for analysis and protection of data in mobile devices

University of Central Florida wins 2015 National Collegiate Cyber Defense Competition (MarketWatch) Competition presented in partnership with Raytheon recognized the very best future cyber security talent

Chase students are cyber champions (Malvern Gazette) A team of sixth-form cyber apprentices from the Chase claimed the runners-up prize in the national finals of the UK Cyber Centurion Competition

Legislation, Policy, and Regulation

Official: US Readying Hacking-Related Sanctions (ABC News) The U.S. government is preparing to order the first round of sanctions against foreign entities or individuals involved in hacking, according to a senior Department of Justice official, in what will be the first test of the government's newest tool in cyber deterrence

Analysis: Israel, US both face cyber threats, but capabilities differ (Jerusalem Post) The sanctions real target is not the cyber attackers, but those gathering intelligence, shutting down servers and stealing funds or trade secrets

Two Observations About The New DOD Cyber Strategy (Lawfare) The publication of DOD's new cyber strategy is a milestone and a major step forward in the cyber policy debate. In particular, the strategy is notable for its relative openness about the use of offensive options

Pentagon cybersecurity strategy comes with olive branch to Silicon Valley (Christian Science Monitor Passcode) In the first visit to Silicon Valley by a Defense secretary in nearly 20 years, Pentagon chief Ashton Carter rolled out the national cybersecurity defense strategy on Thursday during a trip meant to repair ties with the technology industry

Moran Introduces Legislation to Create Cyber-Security Info Sharing Tax Credit (Hays Post) U.S. Senators Jerry Moran (R-Kan.), Chairman of the Senate Commerce Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security, and Kirsten Gillibrand (D-N.Y.) have introduced legislation to address critical cyber security vulnerabilities by helping to create a network of trusted partnerships across the public and private sectors aimed at detecting, preventing and mitigating cyber threats through information sharing

Industry wary of House-passed cyber bills (Federal Times) Over the course of two days, the House of Representatives passed two bills that would authorize the sharing of cyber threat information between private sector companies and federal agencies. The bills are the first step toward President Obama's goal of establishing an information sharing network but the end could be a long way off

Insurers mull proposed cyber rules (Business Insurance) The National Association of Insurance Commissioners' cyber security regulatory guidance for the insurance industry is receiving generally positive reviews

Men in black — NATO's cybermen (NATO/OTAN) There are six men. All dressed in black like the ones in the famous movie. They have black cases too but they are not using their technology to erase your memory. Their name: NATO Rapid Reaction Team, or RRT. Their aim: to provide assistance to NATO nations or facilities suffering a cyber attack

Litigation, Investigation, and Law Enforcement

US releases 6-year-old NSA surveillance report (PBS) With debate gearing up over the coming expiration of the Patriot Act surveillance law, the Obama administration on Saturday unveiled a 6-year-old report examining the once-secret program to collect information on Americans' calls and emails

Police breaks up cybergang that stole over $15 million from banks (IDG via CSO) Romanian authorities have detained 25 people who are suspected of being members of an international gang of cyberthieves who hacked into banks, cloned payment cards and used them to steal over $15 million

FTC sanctions phone location tracking company for not allowing customer opt-out (Naked Security) Readers of Naked Security might be familiar with how retail businesses are taking advantage of mobile phone technology to track customer movements while they shop

Nigerian accused of hacking bank computer to steal $340 million (Naked Security) A Nigerian man has been arraigned in an Abuja high court, charged with hacking into a bank server and siphoning out more than N68 billion (over $340 million, £225 million)

Student jailed for using keylogger to up his exam marks (Naked Security) A university student who plugged keyloggers into his school's computers to snatch staff passwords, access the exam application and jack up five test scores has been jailed

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...

6th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this...

Homeland Security Week (Arlington, Virginia, USA, October 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies,...

Upcoming Events

Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, April 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence...

INTEROP Las Vegas (Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities,...

INFWARCON (Nashville, Tennessee, USA, April 28 - 30, 2015) INFWARCON takes a look at how the balance has flipped in the past 20 years in the cyber security industry. Back then, governments had the upper hand, and could not imagine that cyber criminals could ever...

Southern Africa Banking and ICT Summit (Lusaka, Zambia, April 30, 2015) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...

2015 Synergy Forum (Tysons Corner, Virginia, USA, April 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital...

WAHCKon Perth 2015 (Perth, Western Australia, Australia, May 2 - 3, 2015) WAHCKon is a Perth based hacker conference that launched in 2013. We cover a wide range of topics focusing on Information security and Hacker subculture as well as locksports, activism and related areas...

Cloud Security Alliance Federal Summit (Washington, DC, USA, May 5, 2015) The Cloud Security Alliance Federal Summit, is a one day free-for-government event taking place at the Ronald Reagan Building and International Trade Center and is expected to draw 250 information security...

Amsterdam 2015 FIRST Technical Colloquium (Amsterdam, the Netherlands, May 5 - 6, 2015) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the...

AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service...

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...

DaytonDefense Ohio Cyber Dialogue with Industry Conference (Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an...

Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South bank neighborhood of Southwork, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...

Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include...

Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics...

DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event will contain conferences, workshops, and a challenge (CTF). Aiming to bring together security professionals, students, searcher, ethical hacker enthusiasts or simply technology...

12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions...

NG Security Summit (San Antoino, Texas, USA, May 11 - 13, 2015) The NG Security Summit bringx together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges.

Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol...

MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon...

Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which...

Michgan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout...

THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible...

International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY.

FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals...

IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers...

Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include...

NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science...

3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking...

AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence...

SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's...

7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety...

HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature a new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting...

1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate...

Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises...

Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.