skip navigation

More signal. Less noise.

Daily briefing.

Japan's Cyber Defense Institute warns that some Arabic-language blogs discussing ISIS are serving as malware vectors. No attribution, but the Cyber Defense Institute speculates that individuals and firms doing counter-terrorism research are the targets of an organized campaign.

ISIS's own attempts at information operations, based as they are on horrific propaganda-of-the-deed, show signs of prompting a grassroots backlash from the audience they seek to impress. A Forbes op-ed calls US social media complicit in ISIS's online efforts. While this is a little like blaming tire-manufacturers for car-bombings, the piece offers perspective on terrorists' online presence.

Trend Micro outlines Operation Pawn Storm, a cyber espionage campaign targeting iOS. Trend Micro stops short of attribution, but FireEye isn't so shy: they call out Russia's government.

Others report more Russian fingerprints on the Sony hack. Taia Global presents evidence that Russian actors (presumably criminals, not necessarily state organs) have not only been in Sony Pictures' networks, but that they remain there still.

An Internet Explorer flaw opens users to cross-site-scripting exploitation.

Ransomware and adware both continue to surge, as familiar attacks take new turns and gain new capabilities. Banking Trojans also find fresh victims.

On threats within the financial sector, brokers fear insiders most, then criminals. (Terrorists not so much. Such fears continue to shape the cyber insurance market.) Financial service customers take note: your banks, brokers, and wealth managers probably aren't going to cover your losses to hacks.

Hackers aren't necessarily smart, finds Sophos, but they do benefit from their black market.

Notes.

Today's issue includes events affecting China, Iraq, Japan, Jordan, Democratic Peoples Republic of Korea, Russia, Syria, United States.

Cyber Attacks, Threats, and Vulnerabilities

Malware targets users seeking info on Islamic State group (Japan Times) Sophisticated computer malware has been infecting computers when users visit certain blogs that discuss the Islamic State militant group

Isis attempt to turn Arabs against each other risks backfiring (FInancial Times) Jihadis may have misjudged the mood of the tribes, particularly in Jordan

The Islamic State was dumped by al-Qaeda a year ago. Look where it is now. (Washington Post) Exactly one year ago, al-Qaeda formally announced its separation from the Iraq and Syria affiliate, deeming the Islamic State of Iraq and Syria (ISIS) too radical for its standards. From there, the Islamist militant group stood alone

Terrorist Use Of U.S. Social Media Is A National Security Threat (Forbes) American companies like Twitter, Facebook, Google, Apple, Microsoft, Yahoo and other popular services, including YouTube, WhatsApp, Skype, Tumblr and Instagram, are facilitating global jihad

Apple iOS Now Targeted In Massive Cyber Espionage Campaign (Dark Reading) Attack campaign tied to Russia now zeroing in on mobile user's iPhones, iPads

Dangerous IE flaw opens door to phishing attacks (IDG via ComputerWorld) The vulnerability can be used to steal authentication cookies and inject rogue code into websites

New Wave of CTB-Locker/Critroni Ransomware Hitting Victims (Threatpost) There is a new wave of attacks delivering the CTB-Locker or Critroni crypto ransomware, arriving through spam messages with a variety of lures in several different countries

Hackers holding websites to ransom by switching their encryption keys (Guardian) Websites taken offline in new attack, which sees hackers change codes to permanently lock owners out unless they pay a ransom

Ransomware attack freezes backups with crypto key swap (Register) File integrity monitoring, patching, key defence

1,800 Domains Overtaken by Flash Zero Day (Threatpost) When the Blackhole exploit kit went away after the arrest of its alleged creator and maintainer Paunch, there were questions about which kit would rise up as its successor

Backdoor.Winnti attackers have a skeleton in their closet? (Symantec Connect) New evidence suggests that the skeleton key malware, known as Trojan.Skelky, could be linked to the Backdoor.Winnti malware family

New Banking Trojan Targets Android, Steals SMS (Threatpost) A relatively new Android Trojan that specializes in stealing banking information by intercepting SMS messages has been making the rounds

Dyre banking trojan tweaked to spread Upatre malware via Microsoft Outlook (Network World) The U.S. is most affected by a new variant of Dyre that hijacks Microsoft Outlook to spread malware. But it's not just banks or bitcoin wallets being targeted as the University of Florida was a victim of Dyre/Upatre attack

Malicious ads on major sites compromise many computers (IDG via ComputerWorld) New vulnerabilities in Flash combined with malicious ads are helping attackers

Russian Hackers Breached Sony's Network: Report (SecurityWeek) A group of Russian hackers had — and possibly still has — unauthorized access to the network of Sony Pictures Entertainment, according to a report published on Wednesday by Taia Global

Forget North Korea — Russian Hackers Are Selling Access To Sony Pictures, Claims US Security Firm (Forbes) Sony Pictures might have another cyber disaster on its hands. Or the same hackers could still be silently leaking information from the film studio's servers. That's what US security firm Taia Global has suggested, making a bold claim in an already heated debate around the November atttacks

Sony Hack Has Cost Its Business $15M So Far (TechCrunch) A large-scale hack of Sony's servers last year brought huge publicity to the company — as employee and industry insider emails leaked, a planned Sony Pictures film release was scrapped and then subsequently rushed out as an online release, and the finger of blame was pointed at North Korea. Reputational damage caused by the incident is all but impossible to quantify

Brokerage Firms Worry About Breaches by Hackers, Not Terrorists (New York Times) The online attack on Sony Pictures Entertainment in the fall that federal authorities linked to the North Korean government raised alarm bells about the hacking threat posed by foreign governments. But brokerage firms based in the United States remain most concerned about an attack carried out by a loose band of hackers or employees with a grudge

Google pulls three stealthy adware-filled apps from Play store (ZDNet) Google has suspended three Android apps from its Play store that were pushing unwanted apps to millions of users

GHOST New Research: Proof-of-Concept Exploit Code (Information Security Buzz) A heap-based buffer overflow vulnerability in glibc (CVE-2015-0235) was announced this week

Admin alert: Twice as many digital certificates used to sign malware reported in 2014 (First Post) By the end of 2014, the company's antivirus database included more than 6,000 of these certificates. Considering the increase in threats related to signing malicious files, Kaspersky experts advise system administrators and users not to trust digital signatures without question, and not to allow signed files to launch purely on the strength of the signature

How to stop a plane (Economist) Over the past several weeks, airlines in America have been the victims of a dramatic spike in social-media bomb threats, according to CNN. No bombs have been found, but because airlines and the American airport security apparatus treat every threat seriously, numerous flights have been delayed, diverted or even cancelled

Former FERC Chief Jon Wellinghoff Speaks Out on Grid Security and Distributed Generation (Forbes) In a previous article on Forbes, I had a conversation with former-CIA chief Jim Woolsey to discuss one of America's greatest national security vulnerabilities, its power grid

Cyber attack forces city to pull its website down indefinitely (ArkLaTex) According to our sister station KETK in Tyler the city of Longview pulled its website down indefinitely Monday after a week of issues stemming from hacking attacks

League of Legends exploit allows attackers to access gamers' accounts (Help Net Security) A string of hacks has revealed the existence of an exploit targeting League of Legends players, which allows the attackers to open up the game's store from a web browser and initiate transactions paid with a user's Riot Points (RP) and Influence Points (IP), two of the in-game currencies

APT developers not as smart as they're made out to be (CSO) It doesn't take a genius to develop so-called APT attacks

Competitive DDoS-for-hire market drove attack innovation in Q4 2014 (Networks Asia) An "incredible number" of DDoS attacks occurred in the fourth quarter of 2014, almost double the number observed by Akamai Technologies, Inc. in Q4 a year ago

At Least 5 Percent of Card Issuers Will Suffer Fraud on EMV Cards Due to Improper Implementations By The End of 2015 (FierceITSecurity) Following some high-profile data breaches in 2014, U.S. payment card network participants began heavily endorsing Europay, MasterCard and Visa (EMV) chip cards as an important way to prevent damage from payment card breaches. However, criminals have taken advantage of poor implementations of EMV chip payment applications, committing extensive fraud that defeats EMV controls for everyone in the payment card ecosystem

Get your smartphone's screen fixed, and have your nude selfies stolen while you wait (Graham Cluley) Just about everybody reading this has probably had that gut-wrenching experience of having a smartphone tumble from their hands, and smack down *hard* against the floor

There's No Free Lunch, Even Using Bitcoin: Tracking the Popularity and Profits of Virtual Currency Scams (19th International Conference on Financial Cryptography and Data Security via SMU) We present the first empirical analysis of Bitcoin-based scams: operations established with fraudulent intent. By amalgamating reports gathered by voluntary vigilantes and tracked in online forums, we identify 192 scams and categorize them into four groups: Ponzi schemes, mining scams, scam wallets and fraudulent exchanges. In 21% of the cases, we also found the associated Bitcoin addresses, which enables us to track payments into and out of the scams. We find that at least $11 million has been contributed to the scams from 13 000 distinct victims. Furthermore, we present evidence that the most successful scams depend on large contributions from a very small number of victims. Finally, we discuss ways in which the scams could be countered

What happened when I confronted my cruellest troll (Guardian) I'm often deluged with hate online — and I'm used to being told not to feed the trolls. But after one of them stole my dead dad's identity to abuse me, I decided to ask him why

Security Patches, Mitigations, and Software Updates

Android 5.0 Lollipop: Where Are The Updates? (InformationWeek) Google and its smartphone partners have been slow to roll out Android 5.0 or Lollipop. It maybe a sign the code is still buggy

Cyber Trends

Most brokers and advisers don't guarantee your money back after a hack attack (MarketWatch) The vast majority of brokerages and financial advisers don't guarantee clients will be reimbursed for losses related to a cyber attack, a study by Wall Street's federal regulator found — despite the fact that most said they "have been the subject of a cyber-related incident"

Data Integrity: The Core of Security (SecurityWeek) Data breaches at companies such as Target, Home Depot, Staples, Michaels, eBay, and Sony Pictures Entertainment are raising doubts about whether organizations are investing their security dollars in the right areas

3 Disturbing New Trends in Vulnerability Disclosure (Dark Reading) Who's winning and who's losing the battle of the bugs? While security pros and software companies fight amongst themselves, it looks like black hats are winning and users are losing

CipherCloud Report Identifies over 1,100 Cloud Applications in Use by Companies, 86 Percent of Cloud Applications are "Shadow IT" (PRNewswire) North American and European companies use on average 1,245 and 981 applications, respectively

Marketplace

Multi-factor authentication market will be worth US$1.6 billion by the end of 2015 (Help Net Security) ABI Research found that the global mobile multi-factor authentication software and service market will be worth US$1.6 billion by the end of 2015

Who'd be Target's infosec chief? Tesco CIO joins hack-battered firm (Register) Previous chap retires after annus horribilis

New Target CIO: Bull's-Eye On Innovation (InformationWeek) Target can't ease up on security after its massive data breach, but the retailer must fire up its tech innovation to compete against online rivals

KEYW Announces $114 Million Increase to a Large Systems Integration Contract (GlobeNewswire via Nasdaq) The KEYW Holding Corporation (Nasdaq:KEYW) announced today that its wholly-owned subsidiary, The KEYW Corporation, received a funding ceiling increase of $114 million to a large systems integration contract with a government customer

Accuvant-FishNet Merger Complete, $1.5B Security Behemoth Is Born (CRN) Accuvant and FishNet Security Monday said they had closed on their merger, creating a $1.5 billion security behemoth with ties to every leading security product manufacturer

Symantec's Revenues Set To Decline In Q3 As Restructuring Continues (Seeking Alpha) Symantec is currently in the midst of several restructuring measures in an attempt to revitalize itself

Security Reward Programs: Year in Review, Year in Preview (Google Online Security Blog) Since 2010, our Security Reward Programs have been a cornerstone of our relationship with the security research community. These programs have been successful because of two core beliefs

Researcher Gets $5,000 for Severe Vulnerability in HackerOne (SecurityWeek) HackerOne, the popular security response and bug bounty platform, rewarded a researcher with with a $5,000 bounty for identifying a severe cross-site scripting (XSS) vulnerability

CRN Names AVG in 2015 Coolest Cloud Security Vendor Top 20 (PRNewswire) AVG CloudCare™ acclaimed for its pay-as-you-go consumption model

Phil Lacombe Named Parsons Cyber Lead (GovConWire) Phil Lacombe, currently vice president and manager for the information systems and security sector at Parsons, has been appointed to lead the company's cyber initiative

Norse Appoints Noted Cybersecurity Expert Mary Landesman as Senior Data Scientist (Businesswire) Early pioneer in threat data analytics joins Norse Threat Intelligence Team

Products, Services, and Solutions

Dell, FireHost partner in secure private cloud services push (ZDNet) Dell and FireHost are teaming up to improve the security of private cloud environments

Checkmarx's New CxRASP Platform Offers Runtime Application Self-Protection (App Developer) Checkmarx has announced the launch of its Runtime Application Self-Protection (RASP) solution, CxRASP, which utilizes two-point instrumentation technology to continuously observe an app's bidirectional data flow, enabling the detection and defense against real-time attacks

Sookasa Launches a Cloud Encryption Capability that Lets Users Securely Receive Files from Anyone (PRWeb) With its brand-new File Delivery platform, Sookasa now addresses every step of the sharing process to ensure compliance

Thycotic Increases Flexibility of Privileged Account Management with Secret Server 8.8 (PRNewswire via the Providence Journal) Thycotic, a provider of smart and effective privileged account management solutions for global organizations, today announced the release of the newest version of its flagship solution, Secret Server

NetIQ Access Manager 4.0 Earns EAL 3+ Common Criteria Certification (PRNewswire) Accredited security certification reinforces NetIQ's commitment to delivering secure access management

Radware CEO on Identifying Intruders (BankInfoSecurity) Recognizing the behavior of an intruder, rather than relying on digital signatures, will prove to be a better way to prevent hackers from pilfering data and creating havoc in IT systems. That's the view of Radware CEO Roy Zisapel, who attributes his company's success, in part, to the algorithms its mathematicians develop and refine for its security products that can identify when a hacker invades a customer's systems

Unitas Global and Alert Logic Announce Strategic Partnership (BusinessWire) Unitas Global, the leading cloud solution provider, today announced their strategic partnership with Alert Logic, the leading provider of Security-as-a-Service solutions for the cloud. Together, Unitas and Alert Logic will offer clients comprehensive, innovative and secure cloud solutions and services

Qualys Brings Industry's First Continuous Progressive Scanning Capabilities to Its Fast Growing Web Applications Scanning Solution (Marketwired) New features enable deeper and comprehensive continuous scanning of large and complex web applications

Cytegic monitors cyber-security threats in real-time (B2B News Network) Say you're concerned about cyber-criminals hacking into your company's back end. You've run risk assessments before but those reports take weeks to compile. You're worried those assessments could come too late. What if could diagnose cyber-security attacks in real-time and be notified immediately of potential solutions?

Technologies, Techniques, and Standards

Cyber security guidance for business (Centre for the Protection of National Infrastructure and Department for Business) Guidance on how organisations can protect themselves in cyberspace

Security fears driving new interest in cyber insurance (FierceCIO) Real policy values require that an organization be transparent — and accurate — on what its IT security profile really looks like

Why You Need to Accelerate 'Time to Compliance' (IBM Security Intelligence Blog) Human beings are creatures of habit. We do things a particular way because that's how we've always done them, and we often continue until someone shows us a better approach

How a penetration test helps you meet PCI compliance guidelines (Help Net Security) In order to protect credit card data, sometimes businesses have to think like a hacker

Fighting Cyber Threats While Taking Human Behavior Into Consideration (Tripwire: the State of Security) In today's corporations, information security managers have a lot on their plate. While facing major and constantly evolving cyber threats, they must comply with numerous laws and regulations, protect the company's assets, and mitigate risks as best as possible. To address this, they have to formulate policies to establish desired practices that avoid these dangers. They must then communicate this wanted behavior to the employees so that they adapt and everything can go according to plan. But is this always the case?

Is teamwork the best weapon in data security? (Scalar) Information governance and data security have become hot topics in the public and private sectors of the world, as cybercrime remains one of the most significant threats to economic and financial stability. While modern tactics and the deployment of advanced data security and network monitoring software are certainly important steps in the right direction for all organizations, the group-think approach to relevant intelligence building might have the highest level of merits out there

How to build threat intelligence for your business by creating a honeynet (Techradar) Honey, I identified the threats!

How emerging threat intelligence tools affect network security (TechTarget) Up and coming threat intelligence tools aim to improve data security and even standardize threat intelligence across the industry. Expert Kevin Beaver explains

Executive Viewpoint 2015 Prediction: NetIQ — Protecting Unstructured and Toxic Data (Virtual Strategy Magazine) Driven by the expansion of unstructured and toxic data, in 2015, US organizations must expand their data protection to include access governance techniques

Gemalto outlines the security benefits of move to EMV chip cards for US Financial Issuers (Stockhouse) The countdown for U.S. banks and merchants to migrate to EMV is well underway and 2015 is shaping up to be a pivotal year in the payments industry

Google, Amazon, Microsoft pay to get ads past Adblock Plus (Naked Security) Ad-buying big boys Google, Amazon, Microsoft and the content marketing platform Taboola have quietly ponied up the money to keep their ads from being blocked on Adblock Plus, the world's most popular software for blocking online advertising

The Four Stages Of A Small Business Under Cyber Attack (B2C) With the growing number of cyber attacks on businesses — including Target, Home Depot, Kmart, and Staples — attacks can easily seem commonplace in today's increasingly connected world. Cyber attacks lead to exposed personal, financial and business information. These exposed documents may jeopardize the security of your customers' or employees' identities, create fraud within your business or simply leave you with a hefty IT bill to repair the damage

Design and Innovation

New Technology Detects Hacks in Milliseconds (BloombergBusiness) The past year in cybersecurity has seemed like the Year the Bad Guys Won. Power fingerprinting could change that

Research and Development

A Practical Methodology for Measuring the Side-Channel Signal Available to the Attacker for Instruction-Level Events (Georgia Institute of Technology) This paper presents a new metric, which we call Signal Available to Attacker (SAVAT), that measures the side channel signal created by a specific single-instruction difference in program execution, i.e. the amount of signal made available to a potential attacker who wishes to decide whether the program has executed instruction/event A or instruction/event B

Legislation, Policy, and Regulation

China to ban online impersonation accounts, enforce real-name registration (Reuters) China will ban from March 1 internet accounts that impersonate people or organizations, and enforce the requirement that people use real names when registering accounts online, its internet watchdog said on Wednesday

China's Great Firewall Is Rising (Foreign Policy) Technology and political will are converging to create a seamless nationwide Intranet — amid growing netizen anger

White House readies cyber executive action (The Hill) The White House is expected to release an executive action next week expanding administration efforts to facilitate cybersecurity information sharing between the private sector and Department of Homeland Security

3 incentives to encourage the adoption of the cyber framework (Federal News Radio) The White House decided the best way to get critical infrastructure providers to implement the Framework for Improving Critical Infrastructure Cybersecurity is through incentives around three main areas

New White House Rules on Surveillance Fall Short, Privacy Group Says (Wired) More than a year after leaks from Edward Snowden exposed a government program collecting bulk phone records, the Obama administration has failed to halt the practice that even its own advisers want to end

Obama's Surveillance Reform Extends Unmatched Privacy to Foreigners (Foreign Affairs) Though criticized by advocates for not going far enough, an Obama administration report Tuesday on steps to protect privacy and civil liberties has nevertheless achieved at least one thing: extending to foreigners the same protections available to Americans

Is Obama's $14 Billion Cybersecurity Request Enough? (Defense One) The Obama administration is hoping that Congress signs off on a 10 percent budget increase to protect computer networks across the federal government

Securing the Nation's Ports Against Cyberterrorism (In Homeland Security) Ports contribute approximately $3.15 trillion in business activity to the U.S. economy and handle more than 2 billion tons of domestic, import and export cargo annually, according to the American Association of Port Authorities (AAPA). So it is no surprise that physical protection and cybersecurity of ports is a high priority

Litigation, Investigation, and Law Enforcement

Show Me the Terrorists' Money? Easier Said Than Done (Cicero) ISIS is officially the richest terrorist group in existence. Through its illicit oil sales — worth between $1 million and $2 million a day — as well as kidnapping and extortion networks, robbery, front companies, racketeering, and outside donations, the group has amassed a $2 billion fortune

Intel chief warns U.S. tech threatened by China cyber theft (Military Times) The U.S. defense intelligence chief warned Tuesday that America's technological edge over China is at risk because of cyber theft

Digital Evidence Requires an Understanding of 'Cyberlaw' (Irish Times via Forensic Magazine) How is the criminal justice system learning to cope with the unique complexities of digital evidence, with the analysis of mobile phone data, satellite imagery and emails? And that's before you add in all the potentially sensitive material on social media sites such as Facebook, Twitter, YouTube, Flickr and Instagram

FBI to Ease National Security Disclosure Constraints on Firms (Wall Street Journal) Would let companies disclose compliance orders requesting business records

Silk Road Creator Faces Overwhelming Evidence (AP via Forensic Magazine) Silk Road Creator Faces Overwhelming EvidenceIn closing arguments, a prosecutor urged jurors to follow the "digital fingerprints" of the San Francisco man who created the underground website Silk Road and to convict him of operating a worldwide online drug network

FBI put Anonymous 'hacktivist' Jeremy Hammond on terrorism watchlist (Guardian) The prominent Anonymous "hacktivist" Jeremy Hammond, who participated in some of the hacking collective's most audacious cyber acts, was placed by the FBI on a terrorism watchlist

AnubisNetworks and Europol's European Cybercrime Centre Sign Memorandum of Understanding to Fight International Malware Threats (Marketwired) AnubisNetworks, a subsidiary of Security Ratings company BitSight Technologies, today announced a signed Memorandum of Understanding (MoU) with Europol's European Cybercrime Centre (EC3) to strengthen cooperation and combat the global threat of cybercrime. The MoU enhances the exchange of expertise, statistics and other strategic information between AnubisNetworks and EC3, heightening security efforts with increased collaboration and communication

Revenge-porn website operator Kevin Bollaert guilty of identity theft and extortion (Naked Security) The more than 10,000 victims of the revenge porn site ugotposted[.]com — which posted those individuals' stolen, explicit photos; their addresses; and links to their Facebook accounts — got their own revenge on Monday

Jeffrey and Mary Archer settle phone-hacking claim (Guardian) Author, his wife and their son James accept substantial damages from former publisher of the News of the World

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber Threat Intelligence Summit (Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities

ICSS 2015: International Cyber Security Strategy Congress (Leuven, Belgium, February 4 - 5, 2015) ICSS2015 will present the latest developments and thoughts in the field of cybercrime and cybersecurity and will be a unique gathering of cybercrime experts from all over the world. The objective of the...

Suits and Spooks (Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...

Nullcon 2015 (Goa, India, February 4 - 7, 2015) Nullcon discusses and showcase the future of information security, next-generation of offensive and defensive security technology as well as unknown threats

Salt Lake City Tech-Security Conference (Salt Lake City, Utah, USA, February 5, 2015) The Salt Lake City Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...

ICISSP 2015 (Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information...

Tax benefit, Catalyst Fund and other financial Incentives for Small Businesses (Columbia, Maryland, USA, February 10, 2015) Rescheduled. Meet the experts! Tax incentives, credits and loans available for small businesses. Learn the details: How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits,...

2015 Cyber Risk Insights Conference — London (London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout...

AFCEA West 2015 (San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.

Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, February 17, 2015) Workshop Description: This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port...

DEFCON | OWASP International Information Security Meet (Lucknow, India, February 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading...

10th Annual ICS Security Summit (Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...

Workforce Development Forum — CyberWorks Information Session (Baltimore, Maryland, USA, February 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in...

Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...

NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, February 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.