skip navigation

More signal. Less noise.

Daily briefing.

RSA Security finds a large VPN service catering to Chinese APT actors. RSA calls the service "Terracotta" and claims that, while it runs some legitimate services, hacked Windows servers constitute most of its network. Deep Panda is said to be a customer.

The Etowah County Sherriff becomes the latest Mississippi basin victim of a Middle Eastern hacktivist. Kurdish hacker MuhmadEmad, known for anti-ISIS activities, goes after his northeastern Alabama target in an apparent protest against Turkish airstrikes against the Kurdish Peshmerga. (Etowah's Sherriff of course has nothing to do with any air campaign; he's simply a poorly protected target of opportunity.)

Anonymous downs several Taiwanese government websites because they object to a revised Kuomintang-sponsored high school curriculum Anonymous sees as wrongly emphasizing Taiwanese identity.

The recently upgraded RIG exploit kit is reported to have scored at least a million and a half infestations. SpiderLabs takes a look at RIG's architecture.

Community networking platform dubizzle, widely used in the Middle East, suffers a breach. Users are advised to protect themselves.

A Mac zero-day, effective against fully patched instances of OS X, is being actively exploited in the wild. The privilege-escalation bug derives from error-logging features recently added to OS X 10.10.

Those worried about transportation hacking can add electronic skateboards to the list of proven targets.

Yahoo finds and removes malvertising from its network. The malicious ads (discovered by Malwarebytes) had been active for nearly a week.

Observers wonder why big defense contractors exit cyber markets.

German suspends bloggers' treason inquiry.

Notes.

Today's issue includes events affecting Bahrain, China, Egypt, Germany, Japan, Jordan, Kenya, Kuwait, Malaysia, Oman, Qatar, Saudi Arabia, Singapore, Syria, Turkey, United Arab Emirates, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Researchers Uncover 'Terracotta' Chinese VPN Service Used by APT Crews for Cover (Threatpost) Building a business can be expensive and time-consuming, and owners will look for ways to save money wherever they can. Researchers from RSA Security have found a VPN provider in China that is taking this to an unusual extreme: hacking Windows servers around the world for use as VPN nodes on a network that is used as cover by some APT groups

Chinese VPN Service as Attack Platform? (KrebsOnSecurity) Hardly a week goes by without a news story about state-sponsored Chinese cyberspies breaking into Fortune 500 companies to steal intellectual property, personal data and other invaluable assets. Now, researchers say they've unearthed evidence that some of the same Chinese hackers also have been selling access to compromised computers within those companies to help perpetuate future breaches

Anti-ISIS Kurdish Hacker Targets Etowah County Sheriff's Office Website (HackRead) MuhmadEmad, a Kurdish hacker known for his anti-ISIS views is back in news and this time with yet another high-profile hack — The hack may not be a selected one but good enough to deliver the message

Anonymous Brings Down Taiwan Government Websites (HackRead) The online hacktivist Anonymous has shut down Taiwan government websites and has termed the act as "just the beginning" of a series of attacks

Web Attacks Employing Upgraded Crimeware Kit Hit 1.5 Million Users (Dark Reading) RIG 3.0 used to infect millions of Internet Explorer (IE) users worldwide — mostly via malvertising

RIG Reloaded — Examining the Architecture of RIG Exploit Kit 3.0 (SpiderLabs® Blog) A few months ago the RIG exploit kit took quite a hit when its source code was leaked by a disgruntled reseller. At the time we wrote a blog post detailing the inner workings of RIG's infrastructure and business model, comprised mainly of three layers: administration server, VDS and PROXY servers

Thousands of Dubizzle users told to change passwords after 'security breach' (The National) Thousands of dubizzle users have been told to change their passwords after a "security breach" compromised some information stored on the online company's database

0-day bug in fully patched OS X comes under active exploit to hijack Macs (Ars Technica) Privilege-escalation bug lets attackers infect Macs sans password

Thunderstrike 2 OS X Firmware Attack Self-Replicates to Peripherals (Threatpost) A new attack against Intel firmware running in Apple computers is expected to be unveiled at this week's Black Hat conference. The research is an extension of the Thunderstrike Mac OS X firmware bootkit disclosed this spring that enables the undetectable installation of malicious firmware that survives reboots and operating system reinstallations

Tripwire uncovers smart home hub zero-day vulnerabilities (SC Magazine) The security firm Tripwire reported that its Vulnerability and Exposure Research Team detected several zero-day vulnerabilities in three of the top-selling smart home hubs available on Amazon that could leave users open to a wide range of dangers

Chrome extensions easily disabled without user interaction (Help Net Security) Independent researcher Mathias Karlsson has discovered a vulnerability that can be exploited to disable Chrome extensions without user interaction

Operation Liberpy Collects More Than 2,000 Bots within Just Months (Spamfighter) A botnet of HTTP type used to log keystrokes that's dubbed Operation Liberpy and which has been filching data from end-users' computers since August 2014, hijacked over 2,000 PCs within just months, says ESET the security company

Cleaning up botnets takes years, if ever, to complete (IDG via CSO) In late 2008, a worm called Conficker began infecting millions of computers, startling the computer security community into action

Whatever Happened to tmUnblock.cgi ("Moon Worm") (Internet Storm Center) Last year, we wrote about the "Moon Worm", a bitcoin mining piece of malware that infected Linksys routers. Ever since then, I have seen lots and lots of hits to the vulnerable cgi script ("tmUnblock.cgi") in our honeypot logs. Just a quick graph of the volume

Hackers Can Seize Control of Electric Skateboards and Toss Riders (Wired) Richard "Richo" Healey was riding his electric skateboard toward an intersection in Melbourne, Australia, last year when suddenly the board cold-stopped beneath him and tossed him to the street. He couldn't control the board and couldn't figure out what was wrong. There was no obvious mechanical defect, so being a computer security engineer, his mind naturally flew to other scenarios: could he have been hacked?

Battery Attributes Can Be Used To Track Web Users (TechCrunch) A team of European security researchers has published a paper analyzing how the battery life of mobile devices could be used to track web browsing habits of Firefox users on Linux, using the HTML5 Battery Status API

Can you trust Tor's entry guards? (Naked Security) New research from MIT (Massachusetts Institute of Technology) shows how malicious Tor entry guards can strip away the Dark Web's anonymity features, exposing users and the hidden websites they visit

BitDefender classifies 'piracy monetisation' site Rightscorp as malware (SC Magazine) Peer‐to‐Peer (P2P) file sharing tracker initially condemned due to false positive

Bitdefender suffers data breach, customer records stolen (ZDNet) A hacker is demanding $15,000 in payment or they plan to release customer details online

Yahoo tackles large 'malvertising' campaign in its ad network (CSO) Yahoo said Monday it had removed malware from its advertising network, after malicious code there had gone undetected for at least six days

Malvertising attacks increasingly target mobile apps, says RiskIQ report (FierceMobileIT) Malvertising campaigns are increasingly targeting mobile apps, according to a new report from RiskIQ

Cyber-attack targets Donald Trump corporate network, Gawker.com posts old Trump cell number (Newser) Attack targets Trump website, Gawker posts old cell number

Health records of 5.5 million US patients accessed in MIE breach (Help Net Security) The Indiana Attorney General's Office has launched an investigating into the recent breach suffered by Medical Informatics Engineering (MIE) and its subsidiary NoMoreClipboard, which resulted in the potential compromise of personal and medical information of nearly 5.5 million US citizens (1.5 million Indiana residents and 3.9 million people in other states)

Attorney: Dakota Dunes clinic cyber attack affects data for more than 13,000 patients (Sioux City Journal) Siouxland Pain Clinic sent letters Friday to more than 13,000 patients that their medical and other personal information may have been exposed in a hacking attack, a lawyer for the clinic said Monday

US-CERT Warns of Continuous Exposure to Zero-Day Phishing Campaigns (Easy Solutions Blog) On August 1st, US-CERT published an advisory titled, "TA15-213A: Recent Email Phishing Campaigns — Mitigation and Response Recommendations". One of the vulnerabilities leveraged in these new phishing campaigns is a use-after-free (UAF) vulnerability in Adobe Flash (CVE-2015-5119). This vulnerability is particularly interesting because it was leaked as a result of the hack and subsequent dump of HackingTeam's email and source code. What is interesting here is not the existence of the vulnerability, but how this case underlines the massively asymmetric situation that defenders find themselves in

Synack States That Tracking Systems of High-Tier Satellite is Vulnerable to Hacking (Hacked) There is a possibility that hackers will attempt to break into information systems through systems for satellite tracking. The details will be discussed in a hacking prevention conference which is coming up soon

Cyber attack: How easy is it to take out a smart city? (New Scientist) When is a smart city not so smart? With cities worldwide racing to adopt technologies that automate services such as traffic control and street lighting, many aren't doing enough to protect against cyberattacks

Social Engineering: 6 commonly targeted data points that are poorly protected (CSO) Now in its sixth year, the Social Engineering village at DEF CON has always been an interesting location. Each year the village hosts talks and interactive lessons on human hacking, but the major draw is the Social Engineering Capture the Flag contest

Why the password hackers never trigger an account lockout (Graham Clulely) I was chatting with a particularly astute 15-year-old this weekend (we can call him Jack, just for fun) and the conversation turned to computer security

Hacking Team leaks: We're not out of the woods yet (Malay Mail) Citizens and civil advocates may be reeling from the revelations that various governments, including those of Malaysia and Singapore, were using spyware from Milan-based Hacking Team, whose customers also include some of the most repressive regimes in the world

Recent Cyberattacks Only the Beginning, as State Hackers Target Data on Americans (Epoch Times) There is a new trend in cyberattacks, and recent breaches that stole tens of millions of records on Americans are just the beginning as state hackers shift their targets

5 most vicious cyberattacks on global governments (Computer Business Review) After a hack on the German federal prosecutor's office, we review other damaging hits

Cyber Trends

Business resilience lacking in most firms, finds Accenture (ComputerWeekly) Nearly two-thirds of companies are hit by cyber attacks daily or weekly, yet only a quarter always incorporate measures in their technology and operating models to make them more resilient, a survey shows

Smart gadgets from guns to cars ripe for hacking (Business Insider) Hackers are not just after your computer: connected devices from cars to home security systems to sniper rifles are now targets for actors looking to steal or cause mischief

The leading cause of insider threats? Employee negligence (Help Net Security) Employee negligence, which may be caused by multitasking and working long hours, can result in insider threats and cost companies millions of dollars each year. It can cost a U.S. company as much as $1.5 million and Germany companies €1.6 million in time wasted responding to security incidents caused by human error, according to the Ponemon Institute

89 percent people are careless with security of work files on mobiles, reveals survey (Mobiletor) 89 percent of people don't worry about the security of the work files stored on their mobile phones, according to the results of a survey by Kaspersky Lab and B2B International

Is the digital double posing as you stealing your cash? (BBC) When we go online to tweet, post, like, email or chat we surrender small pieces of our identity as we do so — a surname here, a nickname there, the name of our favourite pet

What's the state of your software? (Help Net Security) Cybercrime is felt by businesses up and down the country, with the Information Security Breaches Survey (ISBS) reporting that 81 per cent of large and 60 per cent of small businesses in the UK suffered a cyber-breach in 2014

Marketplace

Why Don't Defense Contractors Do Cyber? (Real Clear Defense) For all but Raytheon, a whole new realm of conflict seems disinteresting to industry

In Snowden's wake, crypto-startups take root in Germany (Christian Science Monitor Passcode) Tech entrepreneurs are seizing on the new attention to digital privacy and finding customers around the world in search of more secure tools for online communication

Ziften Digs Deep for Security Visibility (eSecurity Planet) Fresh off a $24 million funding round, security startup debuts ZFlow technology to connect the dots of security incidents

NICE-Systems Ltd. (NICE — $64.56*) Breaking News: NICE Announces Another Smart Divestiture; Maintain Outperform (FBR Blue Matrix) This morning, NICE announced the sale of its physical security business unit for up to $100 million, on the heels of its announcement to divest its cyber and intelligence division in May 2015. Importantly, management updated FY15 guidance and expects the sale to be non-dilutive to earnings in 2016

Products, Services, and Solutions

Privacy Concerns Arise With Windows 10 Release (Legaltech News) 'Unlike Microsoft's promise, the company's new 45 page-long terms of service are not straightforward at all'

Windows 10: Microsoft assumes your consent in sharing your Wi-Fi, even if you don't use Windows 10 (Graham Cluley) Imagine this scenario. A friend visits your house, and wishes to use your Wi-Fi

Broken Windows Theory (Slate) Microsoft's Windows 10 is a privacy nightmare. Here's how to protect yourself

Windows 10 uses your bandwidth to help strangers download updates (Graham Cluley) Have you updated your computer to Windows 10 yet?

Best-of-Class Collaboration Spells the End for Traditional Security Vendors (MarketWatch) Bay Dynamics®, the market leader in cyber risk predictive analytics, today announced a strategic technology alliance with Dtex Systems, a global insider threat protection company. The two companies will work together to streamline interoperability between their industry-leading solutions with the aim of solving broader enterprise security problems

Duo Security Enlists Neustar's IP Intelligence to Help Combat Identity Fraud (Benzinga) IP intelligence used to identify unauthorized users across devices and prematurely stop data breaches

Defending your network against APTs (Techgoondu) With cybersecurity on the agendas of corporate boardrooms today, the importance of securing critical data assets is now a strategic issue that is no longer just a matter for IT departments

Apple Watch can now receive password breach alerts from Dashlane (TechWorld) Supports one-tap password changing for 200 sites — but some big names are missing

Benseron Implements Comodo to Secure 20,000 POS Systems (Hospitality Technology) POS solutions innovator Benseron integrated technology from cybersecurity solutions provider the Comodo organization — specifically, its Comodo SecureBox containment technology — to help secure more than 20,000 Benseron point of sale units across the globe

Bit9 + Carbon Black Expands Industry's Most Open Threat Intelligence Solution (Nasdaq) New partnerships with AlienVault, BrightPoint Security, ThreatConnect, ThreatQuotient and ThreatStream bring joint customers the most open and comprehensive threat intelligence capabilities

Blue Coat Systems Launches Ecosystem for Sharing Endpoint Security Info (The VAR Guy) As security threats become more sophisticated and prevalent, companies are seeing the value in sharing information about threats instead of keeping it to themselves to help better protect the enterprise from unwanted intrusion

Menlo Security partners with Webroot in enterprise malware screening push (ZDNet) The partnership will expand the use of website isolation techniques to keep the enterprise safe from malware

Deloitte-Exelon Team to Help North American Utilities Implement NERC Cyber Defense Standards (ExecutiveBiz) Deloitte and public utility holder Exelon have forged a partnership to implement Critical Infrastructure Protection version 5 standards in an effort to protect North America?s bulk power system from potential cyber attacks

Facebook rolls out 'Security Checkup' tool to all desktop users (Naked Security) Facebook wants you all to have a safe experience on its social network, says Product Manager Melissa Luu-Van who, late last week, revealed how the Menlo Park firm was introducing a new security notification for its web-based users

Technologies, Techniques, and Standards

Succinct Reference To Key Airport Cybersecurity Threats/Attacks (Threat Brief) The Guidebook on Best Practices for Airport Security, produced under the auspices of the National Academies and the FAA, contains an interesting high level summary of key threat actions against airports. The list includes

Guidebook on Best Practices for Airport Cybersecurity (Transportation Research Board of the National Academies) Airports are vital national resources. They serve a key role in transportation of people and goods and in regional, national, and international commerce

Aligning Cyber Strategy to the Business (Tripwire: the State of Security) To quote Lewis Carrol, from Alice's Adventures in Wonderland: 'Would you tell me, please, which way I ought to go from here?' 'That depends a good deal on where you want to get to,' said the Cat. 'I don't much care where —' said Alice. 'Then it doesn't matter which way you go,' said the Cat

Automating Intelligence: Discovering Recent PlugX Campaigns Programmatically (Arbor Networks) One of the hardest things to do when you are receiving malware that have "anonymized" (e.g. name-is-hash) names or general samples that lack any indication of the infection vector is to determine the origin of the file and its intended target. Even harder is when you do not receive telemetry data from products that contains information about infected machines. To that end, I have been working on automating ways to help ASERT better understand the context around samples so we can answer question about what may have been targeted, why it was targeted and when it was targeted. This post will use the PlugX malware as an example (PlugX is well known and has had its various iterations analyzed many times), due in part to its ongoing activity and will focus on leveraging metadata from VirusTotal due to it being publicly accessible

Addressing the Continuing Challenges of Mobile Devices (Legaltech News) Organizations should develop a plan to tackle the data security, information retention, and e-discovery problems arising from mobile devices

Five steps to secure data after a breach (Deccan Herald) It is common to see hackers attacking companies and government agencies whose computer systems and exposing the personal data of millions of people. It is nearly impossible to keep personal information safe from hackers. With that depressing knowledge in hand, there are a few steps consumers can take to make it harder for hackers to exploit your data

Antivirus alone won't save you. Here's how to do security better (ZDNet) A Google security research paper published last week detailed the best safety practices that hundreds of security experts recommend. Antivirus software wasn't at the top of the list

How experts stay safe at the Black Hat security conference (USA Today) Pen and paper instead of a laptop. Cash instead of credit cards. Face-to-face chats instead of cell phones. That's the drill for the most cautious at two big computer security conferences taking place this week in Las Vegas

Hackers are Powerless with Zero Knowledge (Infosecurity Magazine) Every day hackers are being equipped for their next attack, as more and more users are trusting organizations with their personal information online. But with zero knowledge, hackers can be rendered powerless, says Steve Watts

Advanced 365 offers top tips on how to reduce data security risk (Bobs Guide) Biometrics and tokenisation among key technologies to combat cybercrime for financial services sector

Harvard CISO shares 5 pearls of IT security wisdom (Network World) Harvard University Chief Information Security Officer shares best practices, discusses BYOD and Internet of Things

Design and Innovation

Why the time is ripe for security behaviour analytics (ComputerWeekly) Recent months have seen an uptick in annoucements by security suppliers around behavioural analytics, but what is driving this trend?

Academia

Winners Announced for 2015 U.S. Cyber Challenge Western Regional Competition (US Cyber Challenge) U.S. Cyber Challenge (USCC) is proud to announce the winners of this year's Western Regional Cyber Camp competition, which was hosted at Southern Utah University (SUU). Last Friday morning, following a week of demanding classroom instruction, over 40 participants competed in the "Capture the Flag" (CTF) competition. The "Capture the Flag" competition can be described as an interactive college final where teams are tested on skills that an information security professional should know thoroughly. The winners included Norman Lumdt, Eric Harashevsky and Nick Landers

UWF to hold cybersecurity camp (Pensacola News Journal) The University of West Florida Department of Computer Science and Center for Cybersecurity will host an Air Force Association CyberCamp from Aug. 4-8

IBM, RIT Team on Cyber-Security Training (eWeek) IBM extended its ongoing relationship with the Rochester Institute of Technology by partnering on a program to advance cyber-security education

Fort Gordon Connection: GRU prepares for first year of new Cyber Institute (WAGT26) With the recent news that Fort Gordon was chosen as the new headquarters for the US Army Cyber Command, the CSRA is not wasting any time preparing for the influx of people that it will bring along with it. And at Georgia Regents University, they're using this news to their advantage in a different way

Legislation, Policy, and Regulation

Kenya Needs to Invest in Innovation to Ensure Data Security, Says Ndemo (All Africa) Dr. Bitange Ndemo has emphasized on the need for the country to invest in innovation to ensure security of data and information

Cybersecurity Bill Faces Time Crunch as Recess Approaches (National Journal) Unless a deal is struck, amendments could slow the bill's progress and hinder its chances of passing before the end of the week

The Homeland Security Department Issues a Big Warning About the Senate's Cyber Bill (National Journal) DHS said Monday that the Senate's cyberinformation-sharing bill would "sweep away important privacy protections"

DHS Secretary OKs Bill to Monitor Federal Networks (Nextgov) An Obama administration top official has endorsed bipartisan legislation that would allow the Department of Homeland Security to surveil public Internet traffic on government networks

Data Breaches: Should Companies Collecting Personal Info Have Heightened Security? (Government Technology) As the nature of data breaches swiftly evolves from stolen PIN numbers to stolen identities, befuddled consumers and appalled industry insiders alike are raising questions about how institutions are protecting the data entrusted to them

Is hacking back a cyber-theft deterrent option? (FCW) A new report from the Hudson Institute on economic espionage in cyberspace reflects a shifting conversation in Washington from passive to proactive cyber defense — to the point of suggesting that an "Economic Warfare Command" be set up at the Treasury Department for using offensive coercion against adversaries

Government digital chief Mike Bracken announces he is leaving (ComputerWeekly) GDS director Mike Bracken is leaving government, and his unexpected departure will inevitably raise questions about the future of GDS

IARPA gets new director (C4ISR & Networks) Jason Matheny, director of the Office for Anticipating Surprise at the Intelligence Advanced Research Projects Activity, has been picked to take over as director of IARPA, according to an announcement from the Office of the Director of National Intelligence issued Aug. 3. The appointment is effective immediately

Litigation, Investigation, and Law Enforcement

German Officials Suspend Treason Inquiry of Bloggers, but Public Still Seethes (New York Times) Not since the reunification has Germany raised serious allegations of treason against a journalist, so it shocked many here when two leading digital rights bloggers found themselves under official investigation on that charge for publishing secret government documents

Bitcoin Exchange Founder Arrested in Japan for Alleged System Manipulation (Legaltech News) Mark Karpelès allegedly used Mt. Gox's systems to inflate the company's worth on the lead up to bankruptcy

MLB, Tour de France Breaches Provide Cybersecurity Warnings for Sports Organizations (Legaltech News) Stopping data breaches in sports organizations begins with trade secret education, says cybersecurity expert and former DOJ prosecutor Peter Toren

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

Data Breach Investigation Summit (Dallas, Texas, USA, September 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations,...

Cyber Defense San Diego 2015 (San Diego, California, USA, October 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for...

NICE 2015 Conference and Expo (San Diego, California, USA, November 3 - 4, 2015) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing,...

Pen Test Hackfest Summit & Training (Alexandria, Virgina, USA, November 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment.

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

Threat Hunting & Incident Response Summit 2016 (New Orleans, Louisiana, USA, April 12 - 13, 2016) The Threat Hunting & Incident Response Summit 2016 focuses on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting...

Upcoming Events

Black Hat USA (Las Vegas, Nevada, USA, August 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners...

BSides Las Vegas (Las Vegas, Nevada, USA, August 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is...

Defcon 23 (Las Vegas, Nevada, USA, August 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information

3rd Annual Psyber Behavioral Analysis Symposium (Fort Meade, Maryland, USA, August 11, 2015) The 3rd Annual Psyber Behavioral Analysis Symposium is hosted by the NSA/CSS Threat Operations Center and the FBI Behavioral Analysis Unit-2/Cyber Behavioral Analysis Center. The goal of the Symposium...

USENIX Security (Washington, D.C., USA, August 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and others specialists interested in the latest advances in the security and privacy of computer...

5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, August 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring...

Decepticon 2015 (Cambridge, England, UK, August 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines,...

AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, August 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker...

Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...

2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics

ICFP 2015 (Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.