More signal. Less noise.

Daily briefing.

Hacktivists hit Saudi government websites with familiar more-in-sorrow-doing-this-to-inspire-better-security vandalism.

Software vendors continue to mop up last week's various disclosed vulnerabilities: OS X zero-days, imperfectly patched Android bugs, Dropbox issues, and firmware/bloatware problems.

Onapsis reports vulnerabilities in SAP Mobile.

The gang thought responsible for the recent Yahoo! malvertising campaign resumes activities and targets AdSpirit, thereby infecting many much-visited sites (among them Drudge, Weather Underground, and NetZero). Claims that "another billion+ users" are being targeted are breathlessly made, but the malvertising is undeniably a nuisance.

Evolved distributed denial-of-service techniques are also a nuisance. BitTorrent seems to empower lone-wolf DDoS perpetrators, and a decline in search-engine impersonation is apparently not the feel-good story one might think. Krebs has an interesting piece on active interference with the DDoS criminal market.

The value of stolen Uber credentials continues to fall on the criminal market: they're now said to be worth forty cents a pop. Fortune looks at how cyber criminals are paid (Fortune leads with the insight that hackers don't receive Forms 1099, which suggests the contrarian conclusion that Fortune sees commonalities between criminal and capital gains) and sums the problem up as essentially one of fencing stolen goods. That problem lends itself to a wide variety of solutions highly dependent on local conditions.

Businesses increasingly add cyber experts to their boards. In the US, NSA serves as a cyber business incubator.

"Disgruntled" former employees say Kaspersky duped rivals into higher false-positive rates. Kaspersky dismisses the accusations as misrepresentation of an innocent, fully disclosed experiment.

Notes.

Today's issue includes events affecting Australia, Bahamas, China, Dominican Republic, European Union, Israel, Italy, Jamaica, Russia, Saudi Arabia, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Hackers Target Saudi Government Websites with "Good Intentions" (HackRead) A group of hackers going with an online "Cyber of Emotion" hacked Saudi websites with "good intentions"

Italian teen finds two zero-day vulnerabilities in OS X (IDG via PCWorld) An Italian teenager has found two zero-day vulnerabilities in Apple's OS X operating system that could be used to gain remote access to a computer

Onapsis Uncovers Three New "High Risk" Vulnerabilities Affecting SAP Mobile (Onapsis) High-profile cyber-risks reveal unauthorized users could decrypt and modify sensitive configuration values used by SAP business applications putting Fortune 1000 companies at risk

Massive Malware Campaign Targets Another Billion+ Users (Infosecurity Magazine) The same cyber-crooks behind the recent malvertising attack on Yahoo! are at it again — this time, targeting AdSpirit, and infecting Drudge Report, Weather Underground, NetZero and other websites with malicious ads

Analysis of a piece of ransomware in development: the story of 'CryptoApp' (0x3a) Ransomware sure has had an uptick the past years; more and more variants appear while some have been leading the pack for the past years. This article is on a new 'strain', it dates to March this year from what I can tell. I haven't seen any write-up or info about it yet (nor had any major incidents at $dayjob or heard of it from any other analysts). From what I can tell it's still under development, this article will tell the story of this ransomware

How BitTorrent could let lone DDoS attackers bring down big sites (Ars Technica) uTorrent, Mainline, and Vuze most susceptible to DoS abuse, researchers say

2015 Q2 DDoS Threat Landscape Report: The Downside Of The Decline Of Search Engine Impersonator Bots, And What It Means For DDoS Attacks (Young Upstarts) On the surface, the news that the use of search engine impersonator bots is down from 57% of all DDoS bot traffic in 2014 to a minuscule 0.9% in 2015 seems like good news. However, if life hasn't yet taught you to always look for the downside, then welcome to lesson number one

Stress-Testing the Booter Services, Financially (KrebsOnSecurity) The past few years have witnessed a rapid proliferation of cheap, Web-based services that troublemakers can hire to knock virtually any person or site offline for hours on end. Such services succeed partly because they've enabled users to pay for attacks with PayPal. But a collaborative effort by PayPal and security researchers has made it far more difficult for these services to transact with their would-be customers

PayPal Customers Hit with 'Changes to Legal Agreements' Phishing Scam (HackRead) A PayPal phishing scam can be tricky, but don't worry all you need to do is keep your eyes open and do what we tell you

UVa Completes Upgrades to IT Systems After Cyber Attack (Newsplex) The University of Virginia has completed a security upgrade to its IT systems after a cyber attack earlier this week, according to UVa officials

Carphone data breach is a wake-up call for consumers (Financial Times) Consumers have been urged to step up online security following a cyber attack affecting 2.4m customers of Carphone Warehouse who have been told that personal information and bank details may have been stolen by hackers

Keyless Security Not So Secure (InformationWeek) A suppressed security paper shines a light on the shortcomings of the cryptography used to protect keyless vehicle access systems

ESCGS to urge industry to safeguard against cyber attack during LISW (Hellenic Shipping News) ESC Global Security is set to warn the international shipping community attending this year's London International Shipping Week (LISW) of the security risks associated with the development of the autonomous ship. In its paper titled 'Phishing and Piracy on the Cyber Seas', to be presented during LISW Week at the Fathom-organised Ship Efficiency conference, ESCGS's Head of Cyber Security, Joseph Carson, will urge the industry to address the risk of a maritime cyber-attack, which could leave the unmanned ship losing its ability to navigate or, in the worst case, be controlled by third parties for illicit purposes

Cracked Uber accounts tumble to 40 cents on the dark web (Naked Security) Remember those cracked Uber accounts that were selling for as little as $1 on the dark web a few months ago?

How do hackers actually get paid for their services? (Fortune) Cyber-crooks don't receive 1099 forms or pay taxes like other freelancers. Instead they're paid in clever and often nefarious ways

Bulletin (SB15-229) Vulnerability Summary for the Week of August 10, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Security Patches, Mitigations, and Software Updates

Android's Stagefright Flaw Returns, Google Issues Patch (eWeek) Google last week claimed it had fixed the Stagefright flaw, but it is back. Or did it ever actually really get fixed in the first place?

Choc Factory patches zero day Google for Work hack hole (Register) Sysadmins told to lock down their Androids, also stop downloading random stuff

Users Urged To Update After IBM Finds Security Flaw In Android's SDK Dropbox (VC Post) Android users are urged to update after IBM finds major security vulnerability in its Dropbox software development kit (SDK). The security vulnerability, named CVE-2015-3825, was uncovered by IBM's elite X-Force Application Security Research Team. It affects more or less half of Android versions 4.3 to 5.1 and can be taken advantage with the proliferation of a mobile malware

ASUS ZenFone 2 update patches Stagefright vulnerability, adds many improvements (Android Authority) Every manufacturer is working on sending out patches for the Stagefright vulnerability, but so far everything we have seen is very much focused on that specific issue. ASUS is not wasting time as they release the patch update for the ZenFone 2, along with plenty of other improvements

Apple fixes a bucketload of vulnerabilities in everything (Help Net Security) Apple has pushed out updates for OS X Yosemite, OS X Server, iOS and Safari, fixing a bucketload of critical and less critical vulnerabilities

Microsoft Drops Another Windows 10 Update (TechCrunch) And then there were three. Earlier this week, Microsoft released a new set of updates for Windows 10 for the third time since the operating system formally debuted in late July. Windows 10 is Microsoft's attempt to build a single operating system that can function on devices of any size, or input variety

Lenovo does it again as LSE component removed after security fears (Guardian) Chinese company releases firmware update after fears new problem software could, as with Superfish, be used to let hackers access vulnerable computers

Cyber Trends

Black Hat, Data Science, Machine Learning, and… YOU! (Dark Reading) The time has come for security pros to start honing in on their machine learning skills. Here's why

Five principal cloud security challenges (Help Net Security) In our technology driven world, security in the cloud is an issue that should be discussed from the board level all the way down to new employees. CDNetworks takes a look at some of the key challenges

Internet of Things — New security and privacy challenges (Elsevier) The Internet of Things, an emerging global Internet-based technical architecture facilitating the exchange of goods and services in global supply chain networks has an impact on the security and privacy of the involved stakeholders. Measures ensuring the architecture's resilience to attacks, data authentication, access control and client privacy need to be established. An adequate legal framework must take the underlying technology into account and would best be established by an international legislator, which is supplemented by the private sector according to specific needs and thereby becomes easily adjustable. The contents of the respective legislation must encompass the right to information, provisions prohibiting or restricting the use of mechanisms of the Internet of Things, rules on IT-security-legislation, provisions supporting the use of mechanisms of the Internet of Things and the establishment of a task force doing research on the legal challenges of the IoT

Cyber Security Threat Grows As Hackers Become More Innovative (E&P) At 1:48 p.m. Aug. 1, 2012, Walter Energy Inc. submitted a press release to a newswire service announcing its quarterly results — just more than two hours before the news was made public

Administrators Continue to Fail in Securing Databases by Using Proper Configs (Softpedia) Security experts at BinaryEdge have analyzed how developers and system administrators configured different technologies and have found out that most of them fail to change the default configuration, which leaves their servers open to outside intrusions

New Threats To Caribbean Cyber Security (Jamaica Gleaner) Cybersecurity incidents continue to rise. According to PwC's Global State of Information Security Survey 2015, attacks rose internationally by 48 per cent in 2014, resulting in huge remedial and reputational costs to the companies and governments concerned

Marketplace

Companies hope cybersecurity experts in the boardroom can counter hacks (Los Angeles Times) The board of directors at construction and engineering company Parsons Corp. needed to fill a seat two years ago

US National Security Agency feeds big appetite for security start ups (Financial Review) Skilled engineers charged with tracking weapons of mass destruction in the Middle East, US government-backed cyber attackers and even the general who led the National Security Agency have all left the organisation to launch their own cyber security start-ups

Cyber hacks are 'single largest threat to our way of life,' according to Cambridge investor (Boston Business Journal) Cambridge venture partner Chris Lynch is serious about cybersecurity

Will Post-Split Symantec Go More Direct With Managed Services? (MSPmentor) In a not-unexpected reversal of one of the highest-value blockbuster tech acquisitions of all time, Symantec (SYMC) this week announced that it would sell off its Veritas Info Management Business to private equity firm The Carlyle Group in an $8 billion deal. Here's what it will mean to MSPs

Analysts Recommend Cybersecurity Stocks After Recent Underperformance (TheStreet) Analysts at Piper Jaffray and Wells Fargo this morning are highlighting names in the cybersecurity space as attractive investments. With the Q2 reporting season now over, the firms are recommending the shares of CyberArk Software (CYBR), Barracuda Networks (CUDA) and Fortinet (FTNT), among others

FireEye Sees Large Increase in Short Interest (FEYE) (Dakota Financial News) Shares of FireEye (NASDAQ:FEYE) saw a large growth in short interest during the month of July. As of July 31st, there was short interest totalling 18,561,173 shares, a growth of 6.6% from the July 15th total of 17,411,190 shares, Marketbeat.com reports. Based on an average daily volume of 6,999,078 shares, the days-to-cover ratio is currently 2.7 days. Currently, 15.0% of the shares of the stock are short sold

Report claims Kaspersky faked malware to trip up competitors' products (Ars Technica) Anonymous former employees: company sought to punish rivals for "stealing"

Kaspersky Lab statement on the Contrary to allegations made in a Reuters news story (Hans India) Contrary to allegations made in a Reuters news story, Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and illegal. Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false. As a member of the security community, we share our threat intelligence data and IOCs on advanced threat actors with other vendors, and we also receive and analyze threat data provided by others. Although the security market is very competitive, trusted threat data exchange is a critical part of the overall security of the entire IT ecosystem, and we fight hard to help ensure that this exchange is not compromised or corrupted

Human Rights Violation? Hacking Team CEO Says No (Inquisitr) Human Rights Watch (HRW) has accused Italian technology company Hacking Team of violations of human rights in Ethiopia. HRW is a nongovernmental advocacy group that seeks to expose offenders of the Universal Declaration of Human Rights (UNDR) that was adopted by the UN. Hacking Team offers remote surveillance services to large entities such as governments and corporations

Opinion: Why bug hunting security researchers are Digital Age heroes (Christian Science Monitor Passcode) Comments from an Oracle executive disparaging the work of security researchers misunderstands their value and ethic. While hackers poking around in code may irritate software companies, their work has made computers safer for everyone

Lockheed wins DHS cyber accreditation (Washington Technology) Lockheed Martin this week became the first non-telecom company to earn a commercial service provider accreditation from the Homeland Security Department

Following the OPM data breach, Uncle Sam needs to step up recruitment of cyber talent (Washington Post) Better than any report on the federal government's "critical skills gap," the cybertheft of 22 million federal personnel records demonstrates Uncle Sam's need for cyber experts

A virtual community of cyber talent (FCW) Of the many ongoing initiatives to build a more cyber-savvy federal workforce, project leaders at the U.S. Cyber Challenge and Monster Government Solutions think they have something different in an online portal for trainees to network and display their credentials

GSA wants industry comments on cybersecurity SIN (Federal Times) The General Services Administration is considering adding a special item number (SIN) for cybersecurity and information assurance (CyberIA) to IT Schedule 70, making it easier for agencies to buy security tools and services and giving vendors a central place to offer their wares

Cybersecurity firm root9B planning San Antonio expansion (San Antonio Express-News) Colorado-based root9B, a high-ranking cybersecurity firm formed with the goal of preventing a "Cyber 9/11," has announced plans to expand in San Antonio

Security software firm Avecto secures space at Manchester Airport Trident development (BDaily) Global security software company Avecto has signed up for space at Property Alliance Group's (PAG) Trident Business Park next to Manchester Airport

Products, Services, and Solutions

Opinion: Twitter's privacy blunder (Christian Science Monitor Passcode) Twitter's decision to give companies instant access to every public post means that users' comments will be tracked, mined, and analyzed more than ever before. Perhaps it's time to think twice before you tweet

Why Microsoft Security Essentials is Better than All Third-Party Antivirus? (Neurogadget) The amount of malware released through the Internet and affecting user activity has increased massively in the last few years

Cisco or Trend Micro? The best breach detection systems around (IT Pro Portal) Given the current threat landscape and the fact that attackers are finding new ways to bypass traditional security, it's no surprise that many companies are turning to the use of breach detection to protect their systems

Risk Fabric: Automated predictive security analytics platform (Help Net Security) In this podcast recorded at Black Hat USA 2015, Anil Nandigam, Senior Director Product Marketing at Bay Dynamics, talks about Risk Fabric, an automated predictive security analytics platform that works with existing enterprise security systems to protect organizations from threats

ESET Virtual Appliance Remotely Manages Network Endpoint Security (eWeek) ESET seeks to reduce the complexity of managing endpoint security on an enterprise network with the ESET Remote Administrator v6, now available as a virtual appliance

Certes Networks: Business-Driven Cybersecurity via Crypto-Segmentation (Sys-Con Media) There are two kinds of enterprises in today's world: the ones that know they've been hacked, and the ones that don't know they've been hacked. To make matters worse, hackers are getting better and better at hiding their tracks. Companies often don't discover breaches until months later, long after the criminals have absconded with vital corporate data

Technologies, Techniques, and Standards

With New Domain Name, Banks Aim to Improve Security (Morning Consult) As consumers increasingly turn to the internet for their banking needs, the financial services industry is moving to create its own systems to bolster cybersecurity. The web domain .bank, which launched on June 23, is the latest effort to standardize and secure the online presence of banks

How to Fix the Top Five Cyber Security Vulnerabilities (Infosec Institute) A few weeks ago, we analyzed the top five cyber security vulnerabilities in terms of potential for catastrophic damage

The parfait approach to cyber defense: It's all about the layers (Venture Beat) Adobe was back in Flash-induced damage control mode again last month — which is a role that has become all too familiar for the company since Steve Jobs crafted his 2010 manifesto identifying 6 reasons why Flash should disappear

Dealing with a difficult data legacy (Help Net Security) Customer call recording and storage is now standard practice across a variety of industries, as well as a Financial Conduct Authority (FCA) requirement in many cases. But these 'legacy' call recordings regularly contain sensitive payment and personal data that must be (but often isn't) properly safeguarded

Design and Innovation

How Google's icon experiment could improve online security (Christian Science Monitor Passcode) Changing the way icons indicate safe website connections may seem small, but it could have a profound impact on users' understanding of secure online communications

Voice Authentication Beats Fingerprint Biometrics for Data Protection (Payments Source) While the average consumer's banking and payment account information may not be considered as highly-sensitive as the "non official cover" list from Mission Impossible, multi-layer authentication is still the best way to fend off fraudsters

The Burgeoning Invisible App Market (TechCrunch) Today's "invisible app" market could be classified as a passing trend, but it might also be the beginning of a significant multi-year shift in how we transact when we're away from our computers. This shift applies to mobile devices, email, home devices like the Amazon Echo and even wearables like the Apple Watch

Research and Development

NCCoE Seeks Vendors to Develop Model Systems for Controlling Access to IT Assets (NIST) The National Cybersecurity Center of Excellence (NCCoE) is seeking collaborators to provide products and technical expertise on three projects to help organizations improve their cybersecurity. The projects focus on access control, personal identity verification credentials and mobile devices. Each project will result in an example cybersecurity design that can be used by organizations in multiple industry sectors

Academia

SMU partners with Raytheon on cybersecurity research (Dallas Business Journal) Southern Methodist University has been designated as one of Raytheon Co.'s strategic partners in cybersecurity research

James Clapper to Keynote UMUC September Cyber Gala (GovConExecutive) The University of Maryland University College will host a gala Sept. 12 to raise funds in support of UMUC Foundation's scholarships for cybersecurity students and honor key people in the field of cybersecurity

Legislation, Policy, and Regulation

Obama Administration Warns Beijing About Covert Agents Operating in U.S. (New York Times) The Obama administration has delivered a warning to Beijing about the presence of Chinese government agents operating secretly in the United States to pressure prominent expatriates — some wanted in China on charges of corruption — to return home immediately, according to American officials

How China has cyber-stumped the US and why Israel could be next (Jerusalem Post) Each revelation is more shocking than the previous one

U.S., India Leaders Meet to Improve Cybersecurity Cooperation (Legaltech News) The discussion occurred in anticipation of next month's likely meeting between President Obama and India Prime Minister Narendra Modi in New York

Experts: In cyber warfare, deterrence a challenge but may be key to nation's defense (TribLive) The United States' best defense against a crippling cyber attack could be a more visible offense, military leaders and other experts recently suggested at the Army War College in Carlisle. Then they stopped talking

How to Combat the Global Cybercrime Wave (Op-Ed) (LiveScience) Today, economic reliance on the internet is all-encompassing. With 40 percent of the world population now online, there is hardly an industry that has not been dramatically transformed and empowered by the communication and business opportunities created. But the very thing that has been such a powerful engine of global economic growth is now threatening to undermine it

Editorial: U.S. has been complacent, lazy in responding to cyberattacks (New Haven Register) The disclosure that Russia was responsible for penetrating the unclassified email system used by the Joint Chiefs of Staff should be disconcerting. Unfortunately, many accounts of cyberattacks these days seem to produce yawns. A major Hollywood studio discovered its computers ruined; a sensitive U.S. government trove of personnel information was stolen; corporate secrets were hacked and used for insider trading; major retailers and a health-care provider were looted of customer data — yet the United States has been complacent and lazy in responding

Wyden Asks What Steps Intelligence Leaders Took to Protect Federal OPM Records, Other Sensitive File (Political News) "The fact that such sensitive information was not adequately protected raises real questions about how well the government can protect personnel information in the future"

Brands On Alert As Massive Fines Set To Dwarf Reputation Damage After Hack Attacks (MediaPost) The statement most likely to fall from any marketing commentator's mouth when asked to report on a data breach is how the main threat to the business is its good name. The next line usually goes into a prophetic warning about how breaches can actually bring down companies as customers decide not to trust a brand that has been hacked and vote with their feet. The news today — in fact, the news in the making for the last couple of years — is that brands will probably have to start thinking about loyalty implications a lot less than they are massive new fines. The reason is that the punishments for breaches are going to skyrocket in the EU within the next year or so when the Data Protection General Regulation (DPGR) eventually becomes law

NETWARCOM gains oversight of more Naval networks (C4ISR & Networks) The Naval Network Warfare Command (NETWARCOM), headquartered in Suffolk, Virginia, executes tactical-level command and control of Navy networks and leverages joint space capabilities for Navy and joint operations, and also operates directly under the Navy's Fleet Cyber Command/10th Fleet. CAPT Eugene Costello has helmed the command since September 2013, after serving as deputy director of operations at the Defense Information Systems Agency

Jeh Johnson Tasks Homeland Security Advisory Council to Form Cybersecurity Subcommittee (ExecutiveGov) Jeh Johnson, secretary of the Department of Homeland Security, has issued a task assignment for the Homeland Security Advisory Council to form a cybersecurity subcommittee that will support the council's efforts in the cyber sector

Litigation, Investigation, and Law Enforcement

Will Supreme Court force DHS to divulge secret plan to cut cell service? (Ars Technica) Feds, lower courts say release of the full plan would "endanger" public safety

Safe given to lawyer among irregularities seen in review of Hillary Clinton emails (Washington Times) When State Department officials first discovered that Hillary Rodham Clinton's personal email account contained classified information, they did not seize the thumb drive containing her digitally archived inbox but rather provided her attorney a special safe to secure the device, according to interviews and documents

Dianne Feinstein defends Clinton's email practices (Politico) The top Democrat on the Senate Intelligence Committee defended Hillary Clinton's email practices on Thursday, saying media reports about classified information on the former secretary of state's server did not make clear that Clinton hadn't written any of the "top secret" emails

Former CIA spy on Clinton emails: 'You and I would get fired and possibly jailed' for this (Washington Examiner) If Hillary Clinton allowed classified information onto her private server or personal phone, she should be disqualified from becoming president, former CIA spy Bob Baer said Saturday

Hillary Clinton Hits Back on Email and Benghazi (Defense One) In a heated and defiant appearance, Hillary Clinton said she is the victim of a political witch hunt, and vowed to fight it

AT&T's "Extreme Willingness to Help" is key to NSA Internet surveillance (Ars Technica) Published report said partnership dates back to 1985

Private-Public Collaboration Puts Pittsburgh at Fore of Cybercrime Fight (Wall Street Journal) Partnership allows FBI agents to work with analysts from banks and other firms to identify threats

Using Passive DNS to Fight Cybercrime (eSecurity Planet) Going after bad guys can lead to unintended Internet collateral damage, but Paul Vixie has some ideas on limiting the risk with DNS

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, August 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring...

Decepticon 2015 (Cambridge, England, UK, August 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines,...

AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, August 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker...

Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...

2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics

ICFP 2015 (Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...

Mid-Atlantic Security Conference (Gaithersburg, Maryland, USA, September 1, 2015) The conference is brought to you by Information Systems Security Association's Baltimore, NOVA, and National Capital Chapters. Join us for a full day of training on cybersecurity topics by industry leaders,...

SCADA Nexus 2015 (Houston, Texas, USA, September 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton...

SIN 2015 (Sochi, Russia, September 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks.

NSPW (New Security Paradigms Workshop) (Twente, Netherlands, September 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in...

Global Cyberspace Cooperation Summit VI (New York, New York, USA, September 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum...

Intelligence and National Security Summit (Washington, DC, USA, September 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential...

Cybersecurity Innovation Forum (Washington, DC, USA, September 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland...

2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, September 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives

Cyber 6.0 (Laurel, Maryland, USA, June 17, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...

BSides Augusta 2015 (Augusta, Georgia, USA, September 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, September 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack.

Hacker Halted 2015 (Atlanta, Georgia, USA, September 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities...

EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, September 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity...

Fraud Summit San Francisco (San Francisco, California, USA, September 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are...

Borderless Cyber 2015 (Washington, DC, USA, September 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices...

Detroit Secure World (Detroit, Michigan, USA, September 16 - 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.

6th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this...

Cyber Security Summit: New York (New York, New York, USA, September 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates...

Data Breach Investigation Summit (Dallas, Texas, USA, September 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations,...

St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, September 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

OWASP APPSECUSA (San Francisco, California, USA, September 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications

SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, September 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability...

CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, September 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and...

ASIS International (Anaheim, California, USA, September 28 - October 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections,...

CYBERSEC European Cybersecurity Forum (Kraków, Poland, September 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC...

(ISC)² Security Congress (Anaheim, California, USA, September 28 - October 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from...

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...

Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, September 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply...

hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, September 29 - October 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols

VB2015 (Prague, Czech Republic, September 30 - October 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical...
