skip navigation

More signal. Less noise.

Daily briefing.

US Joint Staff email service, taken offline when a network intrusion was detected, was restored last week. Russian intelligence services remain the principal suspects.

American Airlines and reservation-software shop Sabre disclosed a hack at the end of last week. Investigation over the weekend suggests a Chinese intelligence operation.

Among the Hacking Team breach's leaks are documents suggesting Ecuadoran government surveillance of political opposition. ZeroFOX shares with CSO the lessons it believes one should draw from the entire Hacking Team affair, principally the centrality of social engineering to successful campaigns.

UK mobile retailer Carphone Warehouse is breached, with some 2.4 million customers affected.

Three known vulnerabilities are exploited in the wild: Firefox's pdf viewer's susceptibility to Same-Origin-Policy bypass (enabling credential theft and data exploitation — spread by malvertising), the iOS Masque bug (afflicting even non-jailbroken iOS devices — an emailed link is the typical vector), and the much-reported Android Stagefright vulnerabilities. All users are urged to patch quickly. IBM's Security Intelligence blog wonders whether issues like Thunderstrike 2 and Yosemite's possible rootkits represent the leading edge of a coming storm of Mac exploits.

Satellite television, widely used in Europe and Africa, strikes observers as fertile botnet ground.

TechCrunch is in a cyberpunk mood, offering a rundown of state cyber security services ("the thin black line") and pointing out the growing importance of hacktivism as a motive for cyber crime.

The EU polishes up final versions of network protection and infosec directives.

Lawfare suggests crypto wars are as much philosophical as they are technical.

Notes.

Today's issue includes events affecting Brazil, China, Ecuador, European Union, Germany, India, Russia, Saudi Arabia, Singapore, South Africa, Turkey, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

U.S. Official: Hack Looks 'State Sponsored' (Chosun Ilbo) The hack into the Pentagon's Joint Chiefs of Staff email network has "all the hallmarks of a state-sponsored attack," a defense official told VOA

Reuters: Russia prime suspect in cyber attack against US military (Reuters via Kyiv Post) Russia is the leading suspect in a sophisticated cyber attack on the unclassified email network of the U.S. military's Joint Staff that prompted the Pentagon last month to restrict access to portions of that network, U.S. officials said on Aug. 6

American Airlines, Sabre Said to Be Hit in China-Tied Hacks (Bloomberg) A group of China-linked hackers that has mowed through the databanks of major American health insurers and stolen personnel records of U.S. military and intelligence agencies has struck at the heart of the nation's air-travel system, say people familiar with investigations of the attacks

China-linked hackers reportedly hacked American Airlines and Sabre systems ([it]decs) Sabre said in a statement Friday, 'We recently learned of a cybersecurity incident, and we are conducting an investigation into it now'

Report: Ecuador's intelligence agency illegally spied on opposition activist (Fox News Latino) Ecuadorean opposition activist Dr. Carlos Figueroa was hacked by the country's domestic intelligence agency, according to an investigation conducted by the Associated Press

Looking for lessons in the aftermath of the Hacking Team incident (CSO) Salted Hash talks with Ian Amit from ZeroFox about the aftermath of the Hacking Team incident

Carphone Warehouse data breach hits 2.4 million UK customers (ComputerWeekly) Carphone Warehouse confirms the authorities have been notified about the breach, and urges customers to take steps to protect themselves

File-stealing Firefox bug exploited in the wild, patch immediately! (Help Net Security) A critical Firefox vulnerability has been spotted being exploited in the wild

Firefox zero-day hole used against Windows and Linux to steal passwords (Naked Security) These days, Firefox updates usually just happen and you don't think too much about them

Apple iOS Masque bug under active exploit (IT News) Hackers have discovered a way of attacking non-jailbroken iOS devices through the previously disclosed Masque attack, allowing the installation of malware using compromised versions of popular apps

New Mac Security Threats: The Perfect Storm? (IBM Security Intelligence) It's common wisdom: Mac security is inherently superior to that of Windows and other PC operating systems. Many users credited Apple's tightly controlled application and development environment for this improved protection, but in recent years security researchers have suggested a storm of malicious attacks may be on the horizon. Now, a pair of Mac security threats — Thunderstrike 2 and a new zero-day privilege exploit — have darkened user skies. Is this the end of Apple's vaunted security superiority?

Attackers could take over Android devices by exploiting built-in remote support apps (Tulane Hullaballoo) We're all impatiently waiting to know what the Nexus duo this year will be all about. Thankfully hot devices are prone to gossip, in the form of alleged specs, to keep our anticipation at bay. Today, GizmoChina may have given us a clearer picture of both the LG and Huawei Nexus, depending on how much salt you like to take with your rumors

Internal LTE/3G modems can be hacked to help malware survive OS reinstalls (IDG via CSO) With their own dedicated processor and operating system, LTE/3G modems built into new business laptops and tablets could be a valuable target for hackers by providing a stealthy way to maintain persistent access to an infected device

Problematic protocol that directs all Web traffic finally gets attention (Christian Science Monitor Passcode) Security professionals have long overlooked Border Gateway Protocol, one of the most insecure parts of Internet infrastructure. But this year it was the subject of three talks at the Black Hat security conference in Las Vegas

Millions of Satellite Receivers are Low-Hanging Fruit for Botnets (Hackaday) Satellite television is prevalent in Europe and Northern Africa. This is delivered through a Set Top Box (STB) which uses a card reader to decode the scrambled satellite signals. You need to buy a card if you want to watch. But you know how people like to get something for nothing. This is being exploited by hackers and the result is millions of these Set Top Boxes just waiting to form into botnets

Google profits from YouTube RAT infestation, says consumer group (Naked Security) YouTube has thousands of videos that offer tutorials on how to use remote access Trojans (RATs) and how to spread them to other devices, as well as examples of RATs that have been used to take over "slave" webcams that display victims' faces and IP addresses, an online consumer protection group says

The Latest Trends in the Russian Underground — H1 2015 Summary (SenseCy) It is summer in Russia, and the time of the year when people head to the seaside on vacation for a couple of weeks' break. The decline in activity can be clearly seen on the Russian-speaking forums and marketplaces dealing with cybercrime. Apparently, cybercriminals also take a rest from their online activities, just as they would from a regular full-time job. For us, it is the best time to perform a deep analysis of the main trends in the Russian underground boards during the first half of 2015. When preparing the insights from this analysis, our goal was to identify the main scope of interest on closed, Russian-speaking forums these days, as well as to pinpoint the shifts that have occurred in the last six months

BlackHat 2015: Industrial hacking: the untold story (ComputerWeekly) Hackers have been penetrating industrial control systems for at least a decade for extortion, yet little is known about how they gain access

20,000 NHS Wales PCs still running Windows XP from beyond the grave (We Live Security) Windows XP, as regular readers of We Live Security will know, was supposed to have breathed its last on April 8th 2014, when Microsoft stopped supporting it

Security Experts Reveal How a Tesla Model S Was Hacked (Hollywood Reporter) A breach allowed a Model S to be remotely controlled from an iPhone

Hackers broadcast porn on TV screens at Brazil bus depot (AFP via Yahoo!) Hackers infiltrated the travel information video screens at a Brazilian bus station and replaced arrival and departure times with hard-core porn

Bulletin (SB15-222) Vulnerability Summary for the Week of August 3, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Security Patches, Mitigations, and Software Updates

Critical Firefox Update Today (Internet Storm Center) The good folks at Firefox have released their latest version, 39.0.3, in response to vulnerability CVE-2015-4495, which has been seen in the wild and allows an attacker to read and steal sensitive local files. The vulnerability takes advantage of the interaction between the JavaScript context separation and the PDF Viewer. The exploit works by injecting a JavaScript payload into the local file context, which allows it to search and upload local files. Mozilla products that do not contain the PDF viewer are not vulnerable, as well as Mac systems

Required Group Policy Preference Actions for Microsoft Security Bulletin MS14-025 (US-CERT) US-CERT is aware of continued exploitation of insecurely stored passwords in Group Policy Preferences, due to incomplete implementations of Microsoft Security Bulletin MS14-025 (link is external). Systems may still be vulnerable to exploitation if administrators have not cleared all previously stored passwords from their environment. An attacker may decrypt these passwords and use them to gain escalated privileges. US-CERT strongly recommends that administrators employ the PowerShell script provided in Microsoft Knowledge Base Article 2962486 (link is external) and follow the included instructions for clearing all "CPassword" preferences from their environment

Google Disables Inline Installation of Chrome Extensions for Deceptive Developers (SecurityWeek) Google has decided to disable inline installations for Chrome extensions whose developers use deceptive tactics to trick users into installing their products

FireKing patch secures Brinks safe against hacks featured in media reports last week (PR Newswire) FireKing Security Group said today that researchers from security firm Bishop Fox tested a year-old solution to a hack into a Brinks Galileo safe and found that it effectively addresses the issue referenced in widespread media reports last week

Facing Stagefright, Google, Samsung, LG all commit to pushing monthly security patches for Android devices (FierceMobileIT) It's not yet clear what other OEMs or carriers will do with the updates

Stagefright: Will mobile makers now release monthly security updates? (IT Pro Portal) Stagefright took the Android world rather by surprise. As well as catching the industry with it pants down, it highlights a problem of mobile security: it's just not taken seriously enough. In response to the Stagefright vulnerability, both Samsung and Google announced new monthly security update cycles

Cyber Trends

Hacking For Cause: Today's Growing Cyber Security Trend (TechCrunch) What do the following data-breach headlines from the past year have in common? The Sony Pictures hack: Everything we know so far; Anonymous hackers release emails ordering bear cubs be killed; Hackers threaten to release names from adultery website; How Latest Snowden Leak Is Headache for White House; How DID hackers steal celebrities' private iCloud photos? Connecting the dots yet? If not, here are a two more headlines to tip you off: Hackers Remotely Kill a Jeep on the Highway — With Me in It and Hacktivists taking aim at Dallas-Fort Worth police departments

The Thin Black-Clad Line (TechCrunch) We live in a cyberpunk novel. Every major nation-state clandestinely develops (and/or purchases) carefully targeted malware, and constantly probes — or penetrates — other nations' defenses while desperately evaluating their offensive capabilities. Criminal undergrounds ransom ordinary users' computers for bitcoin. Fortune 500 companies are breached almost monthly

Windows 10's privacy policy is the new normal (Ars Technica) Big data and machine learning are going to be used everywhere, even our operating systems

IT security staff have a job for life — possibly a grim, frustrating life (Register) Black Hat founder warns of coming crisis

The Pwnie Awards — 2015 Edition (Lumension Blog) On August 5th Black Hat participants gathered at the Mandalay Bay for the 2015 annual presentation of The Pwnie Awards. The Pwnie Awards began in 2007 and have honored the most magnificent achievements and failures of the information security industry ever since. The winners aren't [yet] posted on the official pwnies website. There has been some media coverage of a few of them, but I haven't yet seen a single comprehensive list of winners — so here it is. Get patching!

Vulnerabilities in 2015: 0-days, Android vs iOS, OpenSSL (Help Net Security) Secunia has taken an early peek at the trend in vulnerabilities for 2015, and has presented the results at Black Hat USA 2015. Seven months into the year, the number of detected zero-day vulnerabilities has risen substantially compared to 2014, while the total number of vulnerabilities is largely the same as this time last year

Disrupting trust models: An evolution in the financial services sector (Help Net Security) The way we interact with service providers — whether travel organisations, music suppliers or retailers — has changed to be almost unrecognisable from five years' ago. From Uber to Spotify to Airbnb, digital disruptors have shaken up the status quo, breaking traditional business models to respond to a consumer that is online, globally connected, and mobile. The heavily regulated financial services sector, under intense scrutiny following the 2008 crisis remained immune to this disruption for longer than other industries. However, new entrants are now driving innovation in this sector, forcing banks to keep pace with an extraordinary pace of change

CFOs See Cyber and Malicious Attacks as Major Threats, Lack Preparedness (Wall Street Journal) Concerns about cyberattacks and other malicious attacks, including terrorism and tampering, are broad-based among CFOs, according to Deloitte's second-quarter 2015 CFO Signals™ survey, with about 25% of CFOs claiming they are insufficiently prepared for each. The survey tracks the thinking and actions of CFOs representing many of North America's largest and most influential companies

The evolution of cybercrime: From Julius Caesar and Prince Philip to state-sponsored malware (International Business Times) If you hold valuable information, there will always be criminals looking to steal it to exploit it for financial gain or competitive advantage. And Cybercrime itself is often misunderstood, with many believing it to mean the theft or fraudulent activity of financial data. However, cybercrime encompasses any information of value to an individual that a criminal can exploit for their own financial gain. Therefore, this can be customer data, intellectual property or personally identifiable information as well as financial data

How Fiction Can Reveal the Horrors of Future Wars (Wired) The Power of What Ifs. Our new book Ghost Fleet: A Novel of the Next World War explores something quite scary: the risks of war breaking out between the US and Russia and China

Marketplace

What Every Company's Board Must Know About Cybersecurity (JDSupra) In recent years, data breaches at some of the world's largest corporations have made news. But smaller companies are just as vulnerable, and must take steps to protect their data. In addition, businesses that serve as vendors to other businesses face increased scrutiny of their cyber preparations. The board of directors plays a critical role in this effort, as Jo Cicchetti, Chair of the Carlton Fields Jorden Burt Data Privacy and Cybersecurity Task Force, explained during a recent conversation

Smoke and Mirrors: Cyber Security Insurance (SecurityWeek) Data breaches have become a daily occurrence. However, their cost to organizations goes far beyond reputational damage in the media. Boards and businesses are subject to regulatory mandates that carry fines and capital holds, and increasingly face litigation from class-action suits. Cyber security insurance has emerged as a stop-gap to protect stakeholders from the shortcomings of siloed risk management processes. However, insurance policies are not a replacement for improving a company's cyber security posture. So what do you need to know when it comes to the effectiveness of cyber security insurance?

BUZZ-Dixons Carphone: shares weakened by cyber attack (Reuters via Yahoo! Finance) Electrical goods & mobile phone retailer Dixons Carphone (Stuttgart: CWB.SG - news) falls after IT systems breach

Want To Secure Long-Term Profits? Buy CyberArk Ahead Of Earnings (Seeking Alpha) CyberArk's proprietary solutions — which are in high demand — have tons of money-making potential. There are no signs of slowing down, given how quickly the average analysts fiscal year 2015 revenue estimate has climbed. CYBR stock should be owned, especially given how hot security stocks have become

Fortinet hits security market milestone (Channellife) Fortinet has shipped more security appliances each year than any other vendor since 2013, and has the largest market share of combined appliance shipments since 2012

Products, Services, and Solutions

NSS Labs Announces Results From Breach Detection Systems Test (NSS Labs) NSS Labs, Inc., the world's leading security research, testing, and advisory company, today released the results from its Breach Detection Systems (BDS) group test which evaluated eight of the leading BDS vendors — Blue Coat, Check Point, Cisco, Fidelis, FireEye, Fortinet, Lastline, and Trend Micro — for security effectiveness, performance, and total cost of ownership

Ello ads pan online targeting. Here's what experts say about its privacy practices (Christian Science Monitor Passcode) The upstart social media site launched an ad campaign on Facebook this summer to draw attention to online targeting and promote itself as an ad-free network. Yet, experts have questions about Ello's own privacy practices and safeguards

EFF's Privacy Badger prevents users being tracked online (Help Net Security) The Electronic Frontier Foundation has finally released version 1.0 of Privacy Badger, a browser extension that blocks some of the sneakiest trackers that try to spy on your Web browsing habits

Hackers show off long-distance Wi-Fi radio proxy at DEF CON (IDG via CSO) HamSammich doesn't generate a clearly visible signal that can easily be tracked

Technologies, Techniques, and Standards

Worried about Stagefright? Here's what you can do for now (Android Authority) Android vulnerabilities have been surfacing regularly over the past couple of years. They stir up talk — usually some rather alarmist posts by security companies and a flurry of comments on various tech blogs. But then something interesting happens — the scares just fade away, replaced by other alerts, to the point that worrying about (in)security has become the norm in the Android ecosystem

Mitigating OPM Breach's Damage to National Security: The Potential of Big Data (SIGNAL) An area where officials should concentrate investigative focus just might come as a surprise, writes guest blogger Bryan Ware

The NSA Playset: 5 Better Tools To Defend Systems (Dark Reading) Using the NSA ANT Catalog as a model, security researchers learn about new attack techniques and technology

Riskware: What's the Risk? (BreachAlarm Blog) Malware comes in many different flavours — none of which you're going to want on your machine

To Thwart Attackers, Measure What Matters (SecurityWeek) For years the security industry has been focused on measuring the percentage of blocked attacks as a means to demonstrate security effectiveness. And that still holds true. The more threats we block, the fewer we have to deal with inside the network. We must continue to innovate and work diligently to get that number as close to 100 percent as possible. But that's the catch

Getting BYOD right (Help Net Security) According to a survey conducted by Kaspersky Lab in conjunction with B2B International, around half of the consumers surveyed also use their devices for work. However, only one in 10 is seriously concerned about keeping work information safe should cybercriminals gain access to their device

'No emails, no phones, nothing': How Saudi Aramco — the world's biggest oil company — survived a debilitating cyber attack (Arabian Business) An independent cyber security consultant has described how Saudi Aramco had to get by on typewriters and paper, after the August 2012 cyber-attack that disabled more than 30,000 of the company's workstations for almost two weeks

Protect your data: Top ten "need to know" security tips (IT Pro Portal) With breaches happening on an almost daily basis, it's critical to establish rules and processes to keep your data safe and secure

Security: The Best in Practice (Dark Matters) If we are charged with designing, architecting, implementing, deploying, integrating, training and supporting security technology, processes and policies within our organization, we might discover that this work is really an art more than a science

Theat Intelligence: Collecting, Analyzing, Evaluating (MWR Infosecurity) Threat intelligence is rapidly becoming an ever-higher business priority. There is a general awareness of the need to 'do' threat intelligence, and vendors are falling over themselves to offer a confusingly diverse array of threat intelligence products

Design and Innovation

Does too much technology make a car artificial? (Ars Technica) Tech is changing the car, and not everyone is happy with where things are going

Here's how Tesla will win the coming hacking wars in the auto industry (Business Insider) Hacking has suddenly become a big concern in the car business. Hackers showed a Wired reporter how they could remotely take control of a Jeep, and now another hacker has revealed how to gain access to a Tesla Model S. Hackers have revealed a vulnerability in General Motors' OnStar system. Where will it end?

Cities must be secure, not just smarter and safer (Information Age) Plenty has been discussed as to if smart cities will be a firm reality, and how indeed a smart city might 'look'. But what of the security elements to be considered?

The Ongoing Frustration of Vulnerability Management (Tenable) Working at an unnamed large bank and as faculty at IANS, Alex Hutton (@alexhutton) admits his biggest challenge with vulnerability management is the removal of false positives, and getting the business to act on the vulnerabilities they're responsible for

Research and Development

Research Spotlight: Detecting Algorithmically Generated Domains (Cisco Blogs) Once a piece of malware has been successfully installed on a vulnerable system one of the first orders of business is for the malware to reach out to the remote command-and-control (C&C) servers in order to receive further instructions, updates and/or to exfiltrate valuable user data. If the rendezvous points with the C&C servers are hardcoded in the malware the communication can be effectively cut off by blacklisting, which limits the malware's further operation and the extent of their damage

Hackers to Military: Replace Us With Robots? Ha! (Defense One) Next year's Cyber Grand Challenge event will pit humans against machines in a grand hacking war. DEF CON's war gamers like their chances

Air Force Study Shows Potential, Limits of Quantum Tech (Defense News) As the Pentagon seeks to maintain a technological military edge over the rest of the world, the potential of quantum technology is tantalizing

Academia

Cyber Ed: How higher education is re-evaluating a growing threat (PRI) On college campuses across the country, a growing challenge is cyber security. That's because colleges and universities tend to have open networks containing lots of information, making them vulnerable targets. Despite repeated warnings, colleges aren't adapting quickly enough to today's threats

IBM, Temasek Polytechnic to train cyber security professionals for Singapore (Enterprise Innovation) The opening of the Temasek Polytechnic-IBM Security Operations Centre (SOC) will pave the way for the training of 500 Singapore students to fight cybercrime in the next five years

Legislation, Policy, and Regulation

Time for a comprehensive cyber security strategy (Times of India) Issuing gun licences and training IT employees may not be enough to tackle cyber war; the need of the hour is preparing a comprehensive cyber strategy to encounter the new-age global war

EU Nears Finalization of Network and Information Security Directive (Legaltech News) The directive would impose disclosure requirements for companies following a breach

Congress's Cybersecurity Plan Has Some Major Flaws (Think Progress) After being flooded with millions of faxes and phone calls, the U.S. Senate postponed voting on the controversial cybersecurity bill that privacy advocates warn could be a backdoor to more government surveillance

Consumers need a new legal right to control personal data (Los Angeles Times) Most American Internet users grasp this Silicon Valley truism: "If you're not paying, you're the product." We gain "free" services and conveniences by yielding our personal information, which in turn is sold or traded to all sorts of interested parties. Those parties exploit this information to determine what products to pitch us, on what terms. Consumers may find the results attractive, especially if they don't know what they're being denied based on their data. But for privacy advocates, trading free services for unconstrained and uncompensated use of personal information is a nightmare

Five Hard Encryption Questions (Lawfare) Over the past few weeks, I have been up to my neck in encryption

OPM breach a shadow over Homeland Security's appeals to security pros (Christian Science Monitor Passcode) The Deputy Homeland Security Secretary urged attendees of the Black Hat conference not to let the massive government breach foil plans for improving information sharing about cybersecurity threats between the private sector and the government

Black Hat 2015: DHS deputy says 'just trust us' (ChannelWorld) The deputy head of the Department of Homeland Security implored a group of skeptical security pros at Black Hat 2015 to share information about security incidents and to trust the government to keep it safe

Why transparency can be a dirty word (Financial Times) Demands for certain kinds of openness have hurt government effectiveness, writes Francis Fukuyama

Marcel Lettre Nominated for Defense Intell Undersecretary Post (ExecutiveGov) Marcel Lettre, acting defense undersecretary for intelligence since May, has been nominated to serve in the role on a full-time basis, the White House said Wednesday

Litigation, Investigation, and Law Enforcement

Tech Firm Ubiquitie Suffers $46M Cyberheist (KrebsOnSecurity) Networking firm Ubiquiti Networks Inc. disclosed this week that cyber thieves recently stole $46.7 million using an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers

Hacker Kingpin Extradited to the United States, in Plea Talks with Authorities (Tripwire: the State of Security) Back in December of 2014, The State of Security first reported on the story of Ercan "Segate" Findikoglu, a 33-year-old Turkish man who is accused of having stolen over $60 million as part of a number of card heists in the United States. At the time of our reporting, Germany had denied Findikoglu's extradition to the United States based upon different laws governing jail time for hackers. The accused has since been extradited to the United States and is currently in plea talks with federal authorities for the crimes he committed

Super cellphone spying machine in SA used to rig government tenders (My Broadband) Following the recent arrest of two men by the Hawks over the possession and use of a cellphone spying machine, details have emerged as to what the device was used for

Facebook tax refund scam earns Arizona woman 6 years in jail (Naked Security) An Arizona woman has been sent to jail for six years for masterminding a tax rebate scam which used Facebook to find and target unemployed people for identity theft

Want to download free AV software? Don't have a Muslim name (Register) Reg reader struggles to gain Sophos protection thanks to export laws

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.

SINET Showcase 2015: "Highlighting and Advancing Innovation" (Washington, DC, USA, November 3 - 4, 2015) SINET Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and requirements. The chosen SINET 16 Innovators...

Upcoming Events

3rd Annual Psyber Behavioral Analysis Symposium (Fort Meade, Maryland, USA, August 11, 2015) The 3rd Annual Psyber Behavioral Analysis Symposium is hosted by the NSA/CSS Threat Operations Center and the FBI Behavioral Analysis Unit-2/Cyber Behavioral Analysis Center. The goal of the Symposium...

USENIX Security (Washington, D.C., USA, August 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and others specialists interested in the latest advances in the security and privacy of computer...

5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, August 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring...

Decepticon 2015 (Cambridge, England, UK, August 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines,...

AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, August 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker...

Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...

2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics

ICFP 2015 (Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.