skip navigation

More signal. Less noise.

Daily briefing.

With a Sino-American summit in the offing, the US is said to be considering an array of economic sanctions that would target "individuals and companies" engaged in economic cyber espionage. (But how cyber retaliation would work remains unclear.)

Economic espionage apart, the consequences of ordinary cyber espionage for the US continue to expand. Russian and Chinese intelligence services are reported to be assiduously and successfully cross-indexing information gleaned from recent data breaches: OPM, airlines, health insurance providers. Sources say the process has already blown significant US operations.

Russian cyber operators have stayed busy, most recently in an EFF-themed spearphishing campaign attributed by observers to APT 28. Russian-speaking hackers have shown up in force with intrusion into dating sites (one cannot rule out a priori that they're simply impoverished and lovelorn, but betting on form, they're trolling for usable personal information). Reuters reports a new twist: a spike in Latin American cyber incidents seems driven by Brazilian and Peruvian hackers leveraging Russian support and expertise.

IBM warns against CoreBot, an information-stealing operation in the wild. Palo Alto describes KeyRaider, an exploit targeting jailbroken iPhones. Bitdefender reports an arbitrary code execution vulnerability in JetAudio Basic and JetVideo media players.

Low-grade blackmail and removal offers find their way to Ashley Madison clients. TreatSTOP thinks insiders could be behind the adultery site's data breach.

Companies add cyber expertise to boards, and begin to regard cyber security as a major concern during mergers and acquisitions.

Cyber companies seem good bets after last week's market plunge.

Notes.

Today's issue includes events affecting Australia, Brazil, China, Germany, India, Iran, Iraq, Israel, Netherlands, Pakistan, Peru, Russia, Switzerland, Syria, United Arab Emirates, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

China and Russia are cross-indexing hacked data to target U.S. spies, officials say (Los Angeles Times) Foreign spy services, especially in China and Russia, are aggressively aggregating and cross-indexing hacked U.S. computer databases — including security clearance applications, airline records and medical insurance forms — to identify U.S. intelligence officers and agents, U.S. officials said

Latam cyber attacks rise as Peru, Brazil hackers link up with Russians (Reuters) Cyber attacks and cyber espionage are on the rise in Latin America, and the source of much of it is Brazilian hackers and Peruvian recent university graduates linking up with Russian-speaking experts, according to internet security analysts

Russian-speaking hackers breach 97 websites, many of them dating ones (IDG via CIO) The hackers don't appear to be selling the data just yet

Alleged Russian hackers behind the EFF Spear phishing Scam (Security Affairs) The experts at EFF organization speculate that Russian State-sponsored hackers belonging the APT 28 group have managed the last EFF Spear phishing Scam

Ruskie ICS hacker drops nine holes in popular Siemens power plant kit (Register) WinCC HMI control platform used in Natanz, Large Hadron Collider

Advisory (ICSA-15-099-01C) Siemens SIMATIC HMI Devices Vulnerabilities (Update C) (US-CERT) Siemens has identified three vulnerabilities in its SIMATIC HMI devices. These vulnerabilities were reported directly to Siemens by the Quarkslab team and Ilya Karpov from Positive Technologies. Siemens has produced updates that mitigate these vulnerabilities in all the affected products

How Indian financial outfits have been facing numerous cyber attacks from Pakistan (Economic Times) A month before Pakistan's ceasefire violation on the eve of Independence Day, a silent battle was raging in Mumbai's financial district. Two large private banks, a retail brokerage and a state-owned lender faced a cyber attack from hackers across the border that seriously slowed down all online customer transactions

Watch Out for CoreBot, New Stealer in the Wild (IBM Security Intelligence Blog) When it comes to discovering new malware, it is much more common for researchers to run across information stealers, ransomware and remote-access tools (RATs) than it is to encounter brand new complex codes like banking Trojans or targeted attack tools such as Duqu

KeyRaider Malware Steals Certificates, Keys and Account Data from Jailbroken iPhones (Threatpost) Researchers have discovered a new strain of iOS malware dubbed KeyRaider that targets jailbroken devices and has the ability to steal certificates, private keys, and Apple account information

JetAudio and JetVideo media player vulnerability allows arbitrary code execution (Help Net Security) An arbitrary code execution in the JetAudio Basic (v8.1.3) and JetVideo media players for Windows allows potential attackers to craft a malicious .asf file that could compromise a user's PC, warns Bitdefender

Could the Ashley Madison Hack Have Been an Inside Job? (Legaltech News) 'The tech evidence supports the assertion it was done with local access as opposed to remotely,' says ThreatSTOP Inc. CEO Tom Byrnes

Blackmail, Deletion Offers Hit Ashley Madison Users (TrendLabs Security Intelligence Blog) How much is keeping a secret worth? According to hackers taking advantage of the Ashley Madison hack, it's worth only up to one Bitcoin — around 230 US dollars at current exchange rates

The WhatsApp of Wall Street (Help Net Security) On August 21, a pump and dump penny stock scam targeting US users, and spread using WhatsApp, drove the share price of Avra Inc, a digital currency company, by 640% from its opening price of $0.17 to its peak of $1.26. What is unique about this scam is its use of WhatsApp to spread the threat, essentially using mobile applications to resurrect schemes that are dying out on email

FBI issues supplier scam warning to businesses (CSO) Agency PSA addresses business email compromise scams

Pendrives are most common cyber-attack vector in LatAm (BNamericas) An average of 42.3% of pendrive users in Latin America suffered offline infection attempts via such devices between January and August this year, whereas online attacks were suffered by some 20% of internet users in most countries, according to security solutions provider Kaspersky Lab

G Data: Bedenkliches Schnüffel-Programm auf immer mehr Handys (Inside-Handy) Befürchtungen, dass auf Smartphones aus China gefährliche Spähprogramme lauern, gibt es schon länger

iCloud photo leak and cyber security: what the experts say (Irish Examiner) Security experts believe that many of the issues that existed before the iCloud photo leak still exist today, whether it be human error-based or new vulnerabilities in technology discovered by hackers

Car hacking: How safe is your vehicle? (Emirates 24/7) Vehicles increasingly vulnerable to keyless entry and UConnect hack

Account Takeover Goes Blue and Takes out University of Michigan (ZeroFOX) Everyone's favorite attack at the beginning of 2015 was the social media account takeover, though they seemed to be dying down in recent months

Michigan's Catholic workers are latest cyber victims (Detroit Free Press) Whether you work for the military, shop at Nieman Marcus or pray the rosary at your job at a church, it could happen to you — having your most personal information stolen by computer hackers

Police Website Back Up After Possible Cyber Attack (NL Times) The police website was offline for hours on Sunday. The police believe that the most likely reason for the website's servers overloading is a large number of people trying to access a photo with a very high resolution on the site at the same time. Though they are not ruling out the possibility of a so-called DDoS attack

Bulletin (SB15-243) Vulnerability Summary for the Week of August 24, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Security Patches, Mitigations, and Software Updates

Three Vulnerabilities in SIMATIC HMI Devices Patched by Siemens (Tripwire: the State of Security) Siemens, a leading producer of systems for power generation and transmission as well as medical diagnosis, has patched three vulnerabilities affecting a variety of SIMATIC HMI devices

PayPal patches potential payment-stealing vulnerability (Naked Security) Yesterday it was a Facebook web-based Elevation of Privilege bug found by a Laxman Muthiyah, a bug-bounty hunter in India

Google Chrome will block Flash from tomorrow…well, sort of (Naked Security) Adobe's Flash will face a double setback tomorrow, 1 September 2015

Cyber Trends

Cyber: A Risk Like No Other (WillisWire) I am in the insurance business, and for years I delivered a stump speech to CEOs, CFOs, CROs and risk managers trying to get them to pay attention to cyber risk. I don't have to make that speech anymore

Why 'Smart' Objects May Be a Dumb Idea (New York Times) A fridge that puts milk on your shopping list when you run low. A safe that tallies the cash that is placed in it. A sniper rifle equipped with advanced computer technology for improved accuracy. A car that lets you stream music from the Internet

An old-fashioned DDoS is the favored tactic of many cyberattackers (C4ISR & Networks) Distributed denial of service attacks have become a favorite tactic of cyber criminals, extortionists and protestors

Editorial: Latest breach should be wake-up call for all (New Jersey Business) The data breach that unsealed the notoriously tight lips of Ashley Madison would likely find some sympathy over at the state's largest university

Warning from Millennials: tighten online security or lose our custom (TaklkBusiness) 95% of Millennials believe their digital identities are not completely protected by appropriate and effective security measures

How Employees Become Pawns for Hackers (Security Affairs) Employees are the greatest security risks, especially since they are prone to be used as pawns for hackers. That's why they are vulnerable to attacks

Lawyers Are Prone to Fall for Email Scams (American Lawyer) Maybe lawyers aren't so clever after all. In fact, many of them might be a bit thick

The Myth of the Omnipotent Hacker (IBM Security Intelligence Blog) It's not uncommon to see a hacker in a movie or a television show sitting in a dark basement, frantically typing as he or she simultaneously transfers money from the largest bank in the world, changes traffic lights from green to red to stop the good guys, raises the temperature on a nuclear core and turns off life support for a key character's beloved family member — all in a 10-minute span

Marketplace

Cyber risk poses increased threat in mergers and acquisitions (Financial Review) Companies need to treat cyber security threats as business risks that could derail multibillion-dollar mergers and acquisitions — and not relegate risk mitigation to technology staff, prominent senior executives and directors have warned

More companies add cyber security pros to boardrooms (Toledo Blade) The board of directors at construction and engineering company Parsons Corp. needed to fill a seat two years ago

Hacks and attacks worry Australian insurers (Sydney Morning Herald) Cyber attacks have been singled out as the biggest risk feared by Australian insurers over the next few years, as companies battle increasingly difficult business conditions including a worsening economy

How you can profit from high-profile cyber attacks (Motley Fool) If there's one thing that scares Australian insurers even more than a macroeconomic downturn or interest rate risks, it's cyber-attacks

Investors in the dark as cyber threat grows (Reuters via Business Insurance) Investors are being poorly served by a haphazard approach from fund managers to the growing threat of cyber crime damaging the companies in which they invest, with a lack of clarity from the businesses themselves compounding the problem

The Stocks You Should Be Buying After Monday's Drop (Investment U) If you're looking for bargains after Monday's market sell-off, take a look at cybersecurity. Few industries got sold as hard — and yet it has the best growth prospects

Internet of Things security concerns prompt boost in IoT services (TechTarget) As Internet of Things concerns become an enterprise reality, one vendor is quick to offer IoT services to combat the risks

Network security firewalls approach $1 billion in 2Q15 (Help Net Security) The enterprise-class network security firewall market sales climbed more than 10 percent compared to the year-ago-period and approached a $1 billion quarterly run-rate during second quarter 2015, according to the Dell'Oro Group

Cyber security co Safe-T files to raise $15m on TASE (Globes) The Israeli company's Tel Aviv Stock Exchange IPO will be at an estimated company value of $70 million

Thoma Bravo Invests in Security Firm DigiCert (eWeek) The private equity firm takes a majority interest in leading SSL/TLS certificate authority vendor DigiCert

Pentagon announces Silicon Valley joint venture for wearables, warfare (Ars Technica) Defense Department is always hunting down new ways to surveil and kill

Akamai eyes growth in security and startups (ZDNet) Akamai Technologies Asia Pacific managing director Graeme Beardsell has revealed the company is looking to grow its business in the security and startup sector

Kaspersky allegedly threatened to 'rub out' rival, email claims (Reuters via CRN) Security vendors at each other's throats

Ashley Madison's marketing department clearly didn't get the memo (Graham Cluley) While reading Avid Life Media's press release about the departure of Ashley Madison CEO Noel Biderman, I noticed a strange banner ad for the massively-hacked adultery site

Data security firm at home in Indiana (Indianapolis Star) Founded in Silicon Valley, Rook Security is growing fast in Indianapolis, which CEO calls a "burgeoning tech hot spot"

Why is Uber hiring hackers? (Christian Science Monitor) The ride-sharing company has hired the two security researchers who demonstrated how to remotely hack a Jeep Cherokee last month

Products, Services, and Solutions

First insurance-backed placing platform will go live by year end with terrorism insurance (Out-Law) A planned e-trading platform for the London insurance market is "on track" to be up and running by the end of the year, with terrorism insurance products scheduled to be its first offering, the chief executive of the Lloyd's Market Association (LMA) has said

St. Elizabeth Healthcare Improves IT Security for Connected Medical Devices with Tenable Network Security (BusinessWire) Continuous View allows Northern Kentucky healthcare leader to preserve patient safety by detecting medical device vulnerabilities

Technologies, Techniques, and Standards

Domain hijacking spear-phisher foiled by the last line of defense — paranoia (Ars Technica) An Ars editor's paranoia is all that prevents a successful spear phish — this time

Alert (TA15-240A) Controlling Outbound DNS Access (US-CERT) US-CERT has observed an increase in Domain Name System (DNS) traffic from client systems within internal networks to publically hosted DNS servers. Direct client access to Internet DNS servers, rather than controlled access through enterprise DNS servers, can expose an organization to unnecessary security risks and system inefficiencies. This Alert provides recommendations for improving security related to outbound DNS queries and responses

Detecting file changes on Microsoft systems with FCIV (Internet Storm Center) Microsoft releases often interesting tools to help system administrators and incident handlers to investigate suspicious activities on Windows systems

The incident response plan you never knew you had (CSO) Five strategies to give your incident response plan a headstart by using key components of the existing business continuity plan (BCP)

Proactive real-time security intelligence: Moving beyond conventional SIEM (Help Net Security) Surprisingly, discussions about security intelligence still focus primarily around conventional reactive Security Incident and Event Management systems (SIEM)

Who can stop malware? It starts with advertisers (InfoWorld) Malware masquerading as advertising is a growing problem, and the ad industry must figure out how to weed out scammers from legitimate companies

Design and Innovation

Open-source typeface "Hack" brings design to source code (Ars Technica) Sweet spot is 8px-12px, but you can tell the difference between I and 1 at 6px

Research and Development

Here's What The Military's Top Roboticist Is Afraid Of (It's Not Killer Robots) (Defense One) We're on the verge of an explosion in robotic capability and diversity, and it would be folly to stop exploring now, says the man who ran DARPA's Grand Robotics Challenge

Legislation, Policy, and Regulation

U.S. developing sanctions against China over cyberthefts (Washington Post) The Obama administration is developing a package of unprecedented economic sanctions against Chinese companies and individuals who have benefited from their government's cybertheft of valuable U.S. trade secrets

How To Respond To a State-Sponsored Cyber Attack (Defense One) The murky nature of network warfare makes it hard to choose a response. Here are some ways to think about it

Classifying an act of war or terrorism not as easy as you might think (Springfield News Leader) I was very privileged earlier this year to travel to our nation's capital with a very talented group of students from Missouri State University

McCain: Russian, Chinese hackers have advantages over U.S. in cyber security battles (Phoenix Business Journal) U.S. Sen. John McCain, R-Ariz., said Friday the U.S. is at a cyber security disadvantage against Russian and Chinese hackers aiming at American government and private sector security systems

ASIC commits to fighting online attacks over the next four years (ZDNet) The Australian Securities and Investments Commission said it will be watching out for the growing number of online attacks as part of its corporate plan to 2018-19

Why industry groups are wary of stronger FTC cybersecurity oversight (Christian Science Monitor via Yahoo! News) With a court ruling reaffirming the Federal Trade Commission's ability to police corporate cybersecurity practices, and Congress considering giving the agency more power, industry groups are now concerned about overregulation

Can US Cyber Nerve Center Hold onto its New Leaders? (Nextgov) On May 6, Department of Homeland Security Secretary Jeh Johnson announced a hotshot hire shortly would be at the helm of the nation's 24-hour cyber watch floor

Army's Signal Corps undergoing cyber review (C4ISR & Networks) As part of a sweeping, end-to-end review by the Army CIO/G6, the service's signal corps are facing a hard look at the skills, requirements and military operational specialties (MOSes) that comprise the corps

Army creating cyber units with soldiers, civilians (Stars and Stripes) The Army is looking for soldiers and civilians to serve in new cyber units charged with protecting critical stateside infrastructure and creating "effects" on the battlefield in support of conventional forces. The challenge: Attracting the creative, energetic talent typically drawn to the freewheeling tech sector

Litigation, Investigation, and Law Enforcement

Appeals Court Vacates Lower Court's Decision on National Security Letters (Threatpost) A federal appeals court has sent back to a lower court an appeal in a lawsuit about the way companies are allowed to publicize information about National Security Letters they receive

Joint Statement by the Office of the Director of National Intelligence and the Department of Justice on the Declassification of the Renewal of Collection Under Section 215 of the USA PATRIOT Act (50 U.S.C. Sec. 1861), as amended by the USA FREEDOM Act (IC on the Record) On August 27, 2015, the Foreign Intelligence Surveillance Court issued a Primary Order approving the government's application to renew the Section 215 bulk telephony program

Teen jailed for supporting ISIS on Twitter (CSO) The case shows how wide a net officials have cast in prosecuting online activities related to ISIS

Source: FBI 'A-team' leading 'serious' Clinton server probe, focusing on defense info (Fox News) An FBI "A-team" is leading the "extremely serious" investigation into Hillary Clinton's server and the focus includes a provision of the law pertaining to "gathering, transmitting or losing defense information," an intelligence source told Fox News

As New Book Arrives, Pentagon Warns Special Operators Against Leaks (Defense One) Defense secretary, SOCOM remind troops to keep secrets as new details of bin Laden raid and other missions emerge

National Crime Agency snares teens who used Lizard Squad DDoS tool (Naked Security) Six teenagers between the ages of 15 and 18 have been arrested in the UK as part of an operation targeting users of LizardStresser, an online tool for attacking websites

Attorney Caught in Wiretapping Scandal Loses Appeal (Recorder) In a 2-1 ruling, the U.S. Court of Appeals for the Ninth Circuit on Tuesday denied a reprieve to disgraced attorney-to-the-stars Terry Christensen from his 2008 conviction on illegal wiretapping charges

I advised Snowden to go to Russia instead of LatAm: Assange (PressTV) WikiLeaks co-founder Julian Assange says he advised US National Security Agency (NSA) whistleblower Edward Snowden to seek asylum in Russia instead of Latin America

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

4th International Internet-of-Things Expo (Santa Clara, California, USA, November 3 - 5, 2015) With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Santa Clara. Learn what is going on, contribute to the discussions, and...

RSA Conference 2015 Abu Dhabi (Abu Dhabi, United Arab Emirates, November 4 - 5, 2015) Join your fellow information security professionals at RSA Conference 2015 Abu Dhabi, where we'll be discussing security issues from a global perspective

Internt-of-Things World Forum 2015 (London, England, UK, November 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions

FTC PrivacyCon (Washington, DC, USA, January 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues lead by all manner of whitehat security researchers and academics, industry representatives, consumer...

Upcoming Events

Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...

2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics

ICFP 2015 (Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...

Mid-Atlantic Security Conference (Gaithersburg, Maryland, USA, September 1, 2015) The conference is brought to you by Information Systems Security Association's Baltimore, NOVA, and National Capital Chapters. Join us for a full day of training on cybersecurity topics by industry leaders,...

SCADA Nexus 2015 (Houston, Texas, USA, September 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton...

SIN 2015 (Sochi, Russia, September 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks.

NSPW (New Security Paradigms Workshop) (Twente, Netherlands, September 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in...

Global Cyberspace Cooperation Summit VI (New York, New York, USA, September 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum...

Intelligence and National Security Summit (Washington, DC, USA, September 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential...

Cybersecurity Innovation Forum (Washington, DC, USA, September 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland...

2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, September 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives

Cyber 6.0 (Laurel, Maryland, USA, June 17, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...

BSides Augusta 2015 (Augusta, Georgia, USA, September 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, September 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack.

Hacker Halted 2015 (Atlanta, Georgia, USA, September 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities...

EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, September 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity...

Fraud Summit San Francisco (San Francisco, California, USA, September 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are...

Borderless Cyber 2015 (Washington, DC, USA, September 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices...

Detroit Secure World (Detroit, Michigan, USA, September 16 - 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.

6th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this...

Cyber Security Summit: New York (New York, New York, USA, September 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates...

Data Breach Investigation Summit (Dallas, Texas, USA, September 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations,...

St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, September 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

OWASP APPSECUSA (San Francisco, California, USA, September 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications

SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, September 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability...

CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, September 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and...

Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, September 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks...

ASIS International (Anaheim, California, USA, September 28 - October 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections,...

CYBERSEC European Cybersecurity Forum (Kraków, Poland, September 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC...

(ISC)² Security Congress (Anaheim, California, USA, September 28 - October 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from...

Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, September 28 - October 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical...

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...

Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, September 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply...

hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, September 29 - October 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols

VB2015 (Prague, Czech Republic, September 30 - October 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.