skip navigation

More signal. Less noise.

Daily briefing.

Some minor moves among cyber criminals yesterday and today. The Gozi banking Trojan, hitherto mostly seen in attacks against financial institutions in the Gulf and the US, appears ready for an Eastern European outbreak. Users of the Angler exploit kit show signs of moving to Neutrino. Older versions of iOS are said to be vulnerable to "Quicksand" exploitation.

The Ashley Madison breach continues to dominate cyber news, and interest therein is not entirely sordid. US observers note a large number of Federal and military email accounts in the posted credentials. The Feds are paying close attention, given the obvious potential for blackmail, and equally the obvious evidence of people misbehaving with Government networks. (For military personnel Army Times notes an additional risk: adultery remains a punitive article in the US Uniform Code of Military Justice.) CSO's Salted Hash publishes some internal, pre-breach security self-assessments from Ashley Madison's parent company, Avid Life. The concerns would be familiar to any organization: tension between operational efficiency and security, worries about potentially disgruntled insiders, the difficulty of recruiting and retaining security personnel (which one executive characterizes as the problem of "keeping up with the jones" [sic]), etc.

Cisco warns that Flash exploits are proliferating rapidly.

Drupal, WordPress, and Pocket issue security upgrades.

CSO offers a rundown of dates, "holidays," although most of them aren't actual holidays, on which cyber attacks are more likely.

Symantec's recent M&A activity prompts speculation about other cyber companies thought to be preparing acquisitions.

Texas clarifies cyber standards of care.

Notes.

Today's issue includes events affecting Australia, Bulgaria, Canada, China, Portugal, Saudi Arabia, United Arab Emirates, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Gozi Goes to Bulgaria — Is Cybercrime Heading to Less Charted Territory? (IBM Security Intelligence) In what appears to be a trend, another banking Trojan is ready to attack in Eastern Europe. This time it is the Gozi/ISFB Trojan, which just added 9 major banks in Bulgaria to its list of targets

Actor using Angler exploit kit switched to Neutrino (Internet Storm Center) I've often had a hard time finding compromised websites to kick off an infection chain for the Neutrino exploit kit (EK). During the past few months, we've usually seen Angler EK, Nuclear EK, or Rig EK instead

Appthority Identifies Critical iOS "Quicksand" Vulnerability Enabling Malicious Mobile Apps to Harvest Enterprise Credentials (Sys-Con Media) Even with the iOS 8.4.1 security update, 70 percent of enterprise devices at-risk from running outdated iOS versions

Payment card info of 93,000 Web.com customers stolen (Help Net Security) The name, address, and credit card information of approximately 93,000 customers of Web.com, a popular US-based provider of Internet services to small businesses, has been compromised due to a breach of one of the company's computer systems

Inside the Unpatched OS X Vulnerabilities (Threatpost) Update: Luca Todesco still won't say why he disclosed over the weekend details and proof of concept code for a pair of unpatched and previously unreported OS X vulnerabilities, instead standing firm by his pat response: "I had my reasons"

15,000 government emails revealed in Ashley Madison leak (The Hill) Thousands of clients using the affair-oriented Ashley Madison website listed email addresses registered to the White House, top federal agencies and military branches, a data dump by hackers revealed

Cyber foes likely 'digging through' leaked Ashley Madison data (The Hill) The leaked Ashley Madison data on thousands of government and military workers are likely to create troubling cybersecurity and national security concerns for Washington, security experts said Wednesday

Ashley Madison hack could mean trouble for some feds, troops (Army Times) The release of personal information reportedly belonging to more than 36 million members of adultery-focused dating site AshleyMadison.com contains 15,000 email addresses with military or federal government domains, according to a separate online data dump

Ashley Madison: What's in the leaked accounts data dump? (BBC) It appears that hackers have released 10 gigabytes of data stolen from Ashley Madison, a dating website for married people

Hacker's Ashley Madison data dump threatens marriages, reputations (Reuters) Love lives and reputations may be at risk after the release of customer data from infidelity website Ashley Madison, an unprecedented breach of privacy likely to rattle users' attitudes towards the Internet

How to search the Ashley Madison leak (Washington Post) Hackers say they have posted the personal details of millions of people registered with the adultery website Ashley Madison. But this massive data breach could have widespread implications on how we all use the Internet

Ashley Madison self-assessments highlight security fears and failures (CSO) Internal assessments highlight core concerns for company executives

ID Thieves, Blackmailers Have Lots To Gain In Ashley Madison Breach (Dark Reading) Breach highlights need for greater anonymity controls in identity and payment mechanisms

Ashley Madison: Betting site offers odds on who will be exposed (Graham Cluley) Sheesh. There's always someone trying to make a quick buck out of others' misery isn't there?

Workplace etiquette after Ashley Madison: 8 tips for dealing with embarrassed colleagues (Quartz) So you've just found out that a work colleague (or their partner) is among the 32 million users of Ashley Madison, the dating site for people seeking extramarital affairs, whose details were just leaked online. How to navigate this potentially explosive privacy issue? Here's Quartz's guide to handling it with sensitivity, tact, and grace

The Ashley Madison Hack Is Not OPM (But the Government May Be Watching It Anyway) (Defense One) Thousands of the site's affair-seeking users registered from .mil and .gov domains — at least ostensibly

Manipulation of feds' personal data is a major danger in OPM cyber heist (Washington Post) The Office of Personnel Management (OPM) data breach shows us how espionage is done in the digital world

Cisco: Flash exploits are soaring (Network World via CSO) Exploit kits are more successful because enterprises don't patch fast enough

DDoS attacks double as criminals leverage home routers, Wordpress plugins (CSO) DDoS attacks in the second quarter of 2015 have doubled, when compared to last year

Hackers hit Hong Kong church site using just patched IE zero-day (CSO) A day after Microsoft released a patch for critical bug in Internet Explorer researchers have found it being used in semi-targeted attacks on visitors to a church in Hong Kong

Everybody's Gotta Have .Faith (shady TLD research, pt. 9) (Blue Coat) While working on the .date research [which I just noticed was mistakenly labeled as "part 7" instead of "part 8"], I noticed that several of the shady networks using .date domains were also using .faith domains, so that was the logical choice for our next look at a Shady TLD "neighborhood"

Mumsnet hack: Pressure group Fathers4Justice condemns cyber attack on parenting forum (Independent) Mumsnet was forced offline by a distributed denial of service (DDoS) attack launched by DadSecurity

University of Virginia Servers Breached, Chinese Connection Detected (HackRead) University of Virginia the latest to suffer hack attack. The attack allegedly originated from China

Could hackers take down a city? (Washington Post) First the power goes out. It's not clear what's gone wrong, but cars are starting to jam the streets — the traffic lights are down. And something seems to be going haywire with the subways, too

Five Reasons The U.S. Power Grid Is Overdue For A Cyber Catastrophe (Forbes) As other major industries one by one fall victim to hackers, the U.S. electrical-power generation and distribution system seems remarkably insulated from cyber threats

Security Patches, Mitigations, and Software Updates

Drupal Core — Critical — Multiple Vulnerabilities — SA-CORE-2015-003 (Drupal) This security advisory fixes multiple vulnerabilities

Keep your site more secure with WordPress 4.3 (Help Net Security) WordPress 4.3, named Billie in honor of jazz singer Billie Holiday, is available for download or update in your WordPress dashboard

Holes Patched in Online Bookmarking App Packet (Threatpost) Developers with Pocket recently fixed vulnerabilities that could have allowed users to exfiltrate data from the company's servers, including sensitive information regarding web services, internal IP addresses and more

Security Alert: Millions Exposed to Cyber Attacks Because of Internet Explorer Vulnerability (Heimdal) Yesterday evening, Microsoft released an emergency patch for a critical Internet Explorer vulnerability. Although you may not use IE on a daily basis, here's why it's important to update your system and get the patch now

Now we get to see how Microsoft does at continuous delivery for Windows (FierceCIO) Microsoft Tuesday rolled out a couple of new features for people who are part of the Windows Insider program, the first updates since Windows 10 was released to the world a couple weeks ago

A vulnerable week: Tech firms scramble to release patches (MicroScope) A number of vulnerabilities have been discovered this week, leaving the likes of Microsoft, Apple and Google all reeling to get patches released

Cyber Trends

Can Sharing Threat Intelligence Prevent Cyberattacks? (eSecurity Planet) The Obama administration and some in the private sector believe sharing threat information can help thwart cyberattacks. But not everyone is convinced

Keep these cyberthug holidays marked on your calendar (CSO) It's no happy day for enterprises when cyber thugs celebrate their favorite 'holidays' — special days when they attack with even more cunning and fervor. Learn these days and get ready to respond to related exploitations

6 Things Washington Doesn't Get About Hackers (Foregin Policy) Now is the time to understand more about vuln, so that we may fear less

The unstoppable rise of DDoS attacks (Help Net Security) For the past three quarters, there has been a doubling in the number of DDoS attacks year over year, according to Akamai. And while attackers favored less powerful but longer duration attacks this quarter, the number of dangerous mega attacks continues to increase

Most security executives lack confidence in their security posture (Help Net Security) A new Raytheon|Websense survey of security executives at large companies in the U.S. reveals that confidence in their enterprise security posture is lacking

The insider versus the outsider: Who poses the biggest security risk? (Help Net Security) Today, many organizations are under continuous attack from nation-states or professional cyber criminals

Marketplace

CISOs facing boards need better business, communication skills (CSO) As information security becomes a more important topic of interest, CISOs are increasingly asked to step up and brief boards on cyber issues

Dragon News Our Insight Our Initiatives Who We Are (Team Cymru) I was listening again this week to the Down the Rabbit Hole weekly podcast . There have been a couple of recurring themes of late; leaders in the technology world and skills shortages. I have no doubt they are connected subjects. IT is no longer a supporting function but a core part of any organisation, there are very few companies that could continue to operate without Internet connectivity and networked computers

CISO Transitions: Experience Alone is Not Enough (Government Technology) The responsibilities of chief information security officers have had to evolve significantly in the face of the changing technology landscape, and mounting internal and external challenges

Bank of England urges insurers to boost cyber attack protection (Express and Star) The Bank of England is checking up on insurers to make sure they are properly protected against cyber attacks amid fears the sector is becoming a prime target for hackers

Cyber security providers from FireEye to IBM and Symantec seek acquisitions to counter hackers (The Deal) With the $8 billion sale of its Veritas storage unit to a group led by Carlyle Group (CG) announced last week, Symantec Corp. (SYMC) CEO Michael Brown said the cyber security company will likely use some of the proceeds to make acquisitions

CensorNet takes slice of security outfit Sirrustec — sources (CRN) Security vendor CensorNet acquires Sirrustec's email security, email continuity and archiving platform, according to sources

Cyber intel firm iSight plans funding round ahead of 2016 IPO (Reuters) Cybersecurity intelligence firm iSight Partners is looking to raise $100 million or more this year as it prepares for an initial public offering as early as the end of 2016, the company's chief executive told Reuters

Palo Alto Networks CEO: We Will Be The Biggest Security Company By 2017 (Or Sooner) (CRN) The numbers show it — Palo Alto Networks is on a high-growth run-rate, one that has the security company on a trajectory to outpace the competition by 2017, CEO Mark McLaughlin said

Central Command looks for private sector for joint cyber planning (Defense Systems) In an effort to shore up cyber defenses across government, a cross-agency effort is interested in procuring joint cyber planning services for the U.S. Central Command

Akamai Appoints Ashutosh Kulkarni as Senior Vice President and General Manager, Web Experience Division (IT Business Net) Former SVP & GM at Informatica, Kulkarni brings 20 years of products experience to Akamai

Robert Fleming Appointed Northrop Division Cyber, Unattended Systems and Strategy VP (GovConWire) Robert Fleming, a 10-year veteran of Northrop Grumman (NYSE: NOC), has been named vice president for cyber, unattended systems and division strategy at the company's advanced land and self-protection systems division

Products, Services, and Solutions

8 new threat intelligence products to make you bulletproof (CIO) Threat intelligence systems that deliver accurate and actionable information about cyberthreats can help IT end an attack before real damage is done

Demonsaw Uses "Social Cryptography" To Share Files And Data Anonymously (TechCrunch) While Demonsaw sounds like it would be an amazing metal band, it's actually a sharing system built by a senior programmer at Rockstar Games

Blackphone 2 Delivers Secure Smartphone Improvements (InformationWeek) Silent Circle is now accepting preorders for the Blackphone 2, its secure enterprise smartphone

SentinelOne Endpoint Protection Platform Prevents Data Breaches for Enterprises (BizTech Mojo) Data breaches and hacking incidents have been increasing lately with businesses and corporations being easy targets

Palo Alto launches new flagship firewall, claims 200Gbps of throughput (Seeking Alpha) Palo Alto Networks' (PANW) mini-fridge sized PA-7080 next-gen firewall displaces the PA-7050 as the company's top-of-the-line hardware offering. It uses nearly 700 function-specific processors to deliver up to 200Gbps of max throughput and 100Gbps with all security features enabled, improved from 120Gbps and 60Gbps for the 7050

Intel unveils security bracelet that unlocks the wearer's computer (FierceMobileIT) Intel unveiled Tuesday at its developers' forum a wearable specifically designed for the enterprise — a security bracelet that authenticates the wearer and unlocks his or her computer

HALOCK Launches Comprehensive Advanced Threat Diagnostic (PRNewswire) Security diagnostic is the most comprehensive in the industry

EXCLUSIVE: Tenable Network Security signs on The Missing Link as new partner in Australia (ARN) Offers Tenable Network Security's solutions to the Australian market

Technologies, Techniques, and Standards

7 Hot Advances In Email Security (InformationWeek) Despite gaping security holes, email is too entrenched in business communications to go away. Consider these 7 ways to bolster email security and help IT admins sleep easier at night

5 Cybersecurity Issues to Avoid (Digital Guardian) Avoid these common pitfalls to increase the efficacy of your cybersecurity efforts without incurring additional costs or technological requirements

Machine learning key to building a proactive security response: Splunk (CSO) Growing demand for business relevance around security analytics will see machine-learning algorithms playing an increasing role in the large-scale analysis of security logs using big-data analytics tools, the head of analytics firm Splunk's security business has predicted

US military can teach CEOs about cybersecurity and building a high-reliability organisation (IT Security Guru) As organisations worldwide continue to fall victim to cyber-attacks made possible by the mistakes of their own network administrators and users, a new report shows how CEOs can take a cue from the US military and create high-reliability organisations (HROs) that consistently guard against cybercrime

Applying the 80/20 Rule to Cyber Security Practices (Dark Reading) How to look holistically across technology and processes and focus resources on threats that create the greatest damage

Updated privacy policies — do you check what's changed? (Naked Security) Do you use the music-streaming service Spotify?

Research and Development

Centrify Awarded Patent for Privileged Account Security (BusinessWire) Centrify Corporation, the leader in securing identities from cyberthreats, today announced it has been awarded patent No. 9,112,846 from the United States Patent and Trademark Office. The patented technology is a new method and apparatus for transmitting additional authorization data

Academia

Guidance Software Funds Data Security Program At Caltech (socaltech) Pasadena-based Guidance Software, which makes computer forensics and digital investigation software, said today that it has funded a data security research program at the Caltech Institute of Technology (Caltech)

Legislation, Policy, and Regulation

Is Australia's cyber security-focused government underestimating the insider threat? (ComputerWeekly) Canberra is strengthening its cyber security response, but there is conflicting evidence about where the main threat is coming from

Financial sector defends cyber bill (The Hill) The battle over a stalled cybersecurity bill has spilled into the August recess

Jeb Bush wants "a new arrangement with Silicon Valley" to ease crypto (Ars Technica) Y'know, because only "evildoers" want to protect their communications

DoD establishes new guidelines, oversight for its cyber workforce (FierceGovernmentIT) The Defense Department issued a directive last week that creates a council to handle oversight of new guidelines that will standardize and unify its cyber workforce and policies

Cyberspace Workforce Management (US Department of Defense) This directive reissues and renumbers DoD Directive (DoDD) 8570.01 (Reference (a)) to update and expand established policies and assigned responsibilities for managing the DoD cyberspace workforce

GSA changes strategy for last pool on major cyber program (Federal Times) One of the main points that made the Department of Homeland Security's Continuous Diagnostics and Mitigation program different from other cybersecurity initiatives was the creation of a blanket purchase agreement to enable agencies to buy security tools off a single vehicle

Acquisition executive sees cyber threat on rise (Redstone Rocket) Budgetary impacts on contested environment operations, especially in the area of research, development and acquisition are a major concern for Heidi Shyu, assistant secretary of the Army for acquisition, logistics and technology

James Trainor Appointed as FBI Cyber Division Assistant Director (ExecutiveGov) James Trainor Jr., formerly deputy assistant director of the FBI's cyber operations branch, has been appointed as assistant director of the agency's cyber division in its Washington headquarters

Litigation, Investigation, and Law Enforcement

Probe of Hillary Clinton's server could find more than just emails (AP via Chicago Tribune) A forensic examination of Hillary Rodham Clinton's private computer server could unearth more details than what she put in her emails. It could answer lingering questions about the security of her system, who had access to it and whether outsiders tried to crack its contents

China vows to "clean the internet" in cybercrime crackdown, 15,000 arrested (Naked Security) The Ministry of Public Security in China said this week that 15,000 people have been arrested since the launch of a major anti-cybercrime operation called "cleaning the internet"

Ashley Madison Owner Taps Am Law Firms Amid Massive Hack (American Lawyer) While worried spouses continue to sift through the sea of identifying data posted online this week by hackers that targeted AshleyMadison.com, a dating and social networking service that markets itself to would-be cheaters, the controversial company has wasted no time getting lawyered up

When Must Lawyers Ethically Encrypt Data? Texas Answers. (Ride the Lightning) The times they are a-changing when it comes to the transmission of confidential data by lawyers

Key findings from the 2015 US State of Cybercrime Survey (PWC) Cybersecurity incidents are not only increasing in number, they are also becoming progressively destructive and target a broadening array of information and attack vectors

Investigating and Prosecuting Cyber Crime: Forensic Dependencies and Barriers to Justice (International Journal of Cyber Criminology) The primary goal of this paper is to raise awareness regarding legal loopholes and enabling technologies, which facilitate acts of cyber crime

Former U.S. Government Employee Charged in Computer Hacking and Cyber Stalking Scheme (US Department of Justice Office of Public Affairs) A former locally-employed staff member of the U.S. Embassy in London was charged with engaging in a hacking and cyberstalking scheme in which, using stolen passwords, he obtained sexually explicit photographs and other personal information from victims' e-mail and social media accounts, and threatened to share the photographs and personal information unless the victims ceded to certain demands

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, August 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring...

Decepticon 2015 (Cambridge, England, UK, August 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines,...

AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, August 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker...

Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...

2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics

ICFP 2015 (Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...

Mid-Atlantic Security Conference (Gaithersburg, Maryland, USA, September 1, 2015) The conference is brought to you by Information Systems Security Association's Baltimore, NOVA, and National Capital Chapters. Join us for a full day of training on cybersecurity topics by industry leaders,...

SCADA Nexus 2015 (Houston, Texas, USA, September 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton...

SIN 2015 (Sochi, Russia, September 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks.

NSPW (New Security Paradigms Workshop) (Twente, Netherlands, September 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in...

Global Cyberspace Cooperation Summit VI (New York, New York, USA, September 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum...

Intelligence and National Security Summit (Washington, DC, USA, September 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential...

Cybersecurity Innovation Forum (Washington, DC, USA, September 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland...

2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, September 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives

Cyber 6.0 (Laurel, Maryland, USA, June 17, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...

BSides Augusta 2015 (Augusta, Georgia, USA, September 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, September 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack.

Hacker Halted 2015 (Atlanta, Georgia, USA, September 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities...

EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, September 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity...

Fraud Summit San Francisco (San Francisco, California, USA, September 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are...

Borderless Cyber 2015 (Washington, DC, USA, September 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices...

Detroit Secure World (Detroit, Michigan, USA, September 16 - 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.

6th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this...

Cyber Security Summit: New York (New York, New York, USA, September 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates...

Data Breach Investigation Summit (Dallas, Texas, USA, September 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations,...

St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, September 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

OWASP APPSECUSA (San Francisco, California, USA, September 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications

SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, September 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability...

CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, September 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and...

Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, September 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks...

ASIS International (Anaheim, California, USA, September 28 - October 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections,...

CYBERSEC European Cybersecurity Forum (Kraków, Poland, September 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC...

(ISC)² Security Congress (Anaheim, California, USA, September 28 - October 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from...

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...

Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, September 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply...

hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, September 29 - October 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols

VB2015 (Prague, Czech Republic, September 30 - October 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.