More signal. Less noise.

Daily briefing.

Lenovo continues bandaging its Superfish self-inflicted wound, but customer fears of vulnerability to man-in-the-middle attacks grow. (Komodia, whose SSL Digester is a key component of the much-reviled Superfish adware, coincidentally or not reports suffering a denial-of-service attack.) Facebook researchers find "more than a dozen" apps that use the questionable Komodia library.

Superfish is unfortunately not the only SSL-breaking piece of adware out there. PrivDog's standalone version (as opposed to the extension bundled with Comodo Internet Security) is also reported to expose users to man-in-the-middle attacks. Threatpost calls PrivDog "arguably worse than Superfish."

Reported SIM card hacks affecting Gemalto remain troubling (although Gemalto tells customers its investigation shows the cards remain safe to use). Other alleged intelligence service hacks prompt reconsideration of firmware vulnerabilities — Wired has a rundown.

Lizard Squad is back, still flacking its DDoS-for-hire service, this time through a DNS-poisoning attack on Google's Vietnam service. The attack is apparently a marketing stunt for Lizard Stresser, but one doubts it will draw many customers from the white-hat world Lizard Squad says it aspires to reach. This crew, which few analysts think contains many (any) Professor Moriartys or Lex Luthors, continues poking at Sony and Microsoft, which causes some to wonder why large, well-resourced organizations continue to be troubled by Lizard Squad.

Industry inspects US Presidential cyber security initiatives with a hopeful but skeptical eye.

NSA Director Rogers describes his agency's views on privacy, security, deterrence, and international cyber norms (and engages in a free and frank exchange with Yahoo's CISO).

Notes.

Today's issue includes events affecting Afghanistan, European Union, France, Iraq, Iran, Ireland, Netherlands, South Africa, Turkey, United Arab Emirates, United Kingdom, United Nations, United States, and Vietnam.

Cyber Attacks, Threats, and Vulnerabilities

Security Researcher: Superfish Could Be Catastrophic (Top Tech News) Apparently, Superfish stinks worse than security industry watchers first thought. There was an uproar when the world discovered Lenovo, the world's largest PC maker, has been shipping laptops pre-installed with a virus-like software that puts customers in the line of hacker fire. But uproar may soon be an understatement

Still smarting from HTTPS-busting Superfish debacle, Lenovo says sorry (Ars Technica) CTO pledges new policy to prevent similar mishaps in the future

Komodia Website Under DDoS Attack (Threatpost) Komodia.com, home to the SSL interception module at the heart of the Superfish adware dustup, is currently under a distributed denial-of-service attack

Superfish-like Vulnerability Found in Over 12 More Apps (Hacker News) 'SuperFish' advertising software recently found pre-installed on Lenovo laptops is more widespread than what we all thought. Facebook has discovered at least 12 more titles using the same HTTPS-breaking technology that gave the Superfish malware capability to evade rogue certificate

PrivDog Adware Poses Bigger Risk than Superfish (Threatpost) Move over Superfish. Another piece of shady adware has been thrust into the spotlight, one that also breaks HTTPS connections, but is arguably worse than Superfish, which was pre-installed on new Lenovo laptops manufactured at the tail end of 2014

Gemalto Hack May Have Far-Reaching Effects (Threatpost) Security experts are still trying to assess the effects of the reported attack on SIM card manufacturer that resulted in the theft of millions of encryption keys for mobile phones around the world, but it's safe to say that the operation has caused reverberations throughout the industry and governments in several countries

Why Firmware Is So Vulnerable to Hacking, and What Can Be Done About It (Wired) When Kaspersky Lab revealed last week that it had uncovered a sophisticated piece of malware designed to plant malicious code inside the firmware of computers, it should have surprised no one

Lizard Squad disrupts Google in Vietnam to promote DDoS-for-hire service (Graham Cluley) The notorious Lizard Squad hacking gang has claimed another scalp, having successfully disrupted Google's internet presence in Vietnam

Lizard Squad Strikes Again: Why Can't Sony And Microsoft Protect Themselves? (International Business Times) The cybervandals known as Lizard Squad last week claimed responsibility for taking down Xbox Live — again. It's the same group that knocked out Microsoft's gaming network, as well as Sony's PlayStation Network, this past Christmas. So, how is the group so easily able to infiltrate gaming networks operated by two of the world's most sophisticated tech giants?

How Hackers Abused Tor To Rob Blockchain, Steal Bitcoin, Target Private Email And Get Away With It (Forbes) Across October and November of last year, some unlucky users of the world's most popular Bitcoin wallet, Blockchain.info, and one of the better-known exchanges, LocalBitcoins, had their usernames and passwords silently pilfered. They were robbed of significant sums, probably tens of thousands of dollars worth of the virtual currency, possibly more. Security-focused email services, Riseup and Safe-mail were also targeted by the same crew. And according to the man who witnessed the attacks go off last year, Digital Assurance director Greg Jones, it looks like buyers and sellers of dark markets were the targets

Mobile Threat Monday: Telegram Has Unencrypted Copies of Secret Chat Messages (PC Magazine) Telegram users should be aware the messaging app's "Secret Chats" may not be so secret after all

Flaw makes Cisco routing hardware vulnerable to DoS attacks (Help Net Security) A serious vulnerability affecting the software of some of Cisco's routing hardware systems for telecommunications and Internet service providers could be exploited to mount DoS attacks, the company has announced in a security advisory

CVE-2015-0240: Samba Daemon Vulnerability (RedHat CVE Database) An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user)

Old Vulnerabilities Still Popular Targets for Hackers: HP (SecurityWeek) What is old may not always be new, but when it comes to hacking, it's still effective

Sony Pictures Cyber Attack Might Delay Actors' Residuals Checks (Deadline Hollywood) The recent cyber attack on Sony Pictures still is taking a toll: The studio has told SAG-AFTRA that its members' residuals checks might be delayed for three months because of the devastating hack on the company's computer systems

Security Patches, Mitigations, and Software Updates

Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability (Cisco) A vulnerability in the parsing of malformed IP version 6 (IPv6) packets in Cisco IOS XR Software for Cisco Network Convergence System 6000 (NCS 6000) and Cisco Carrier Routing System (CRS-X) could allow an unauthenticated, remote attacker to cause a reload of a line card that is processing traffic…Cisco has released free software updates that address this vulnerability

Buggy Norton Internet Security update crashes Internet Explorer (Graham Cluley) A buggy update pushed out to users of some Norton/Symantec security products caused a headache for Internet Explorer users on Friday evening

Chrome warns users of devious software that could impact Google's business (Computerworld) New alert appears before users reach sites likely to serve up software that silently changes the browser's home page

Microsoft sets email retention to forever in Office 365 (FierceCIO) Microsoft has updated its data retention policy for Exchange Online to retain deleted email messages forever

Patching Haste Makes Waste (Lumension Blog) Sometimes it's better if software patches don't come out too quickly. Such was the case when Microsoft issued its regular round of Patch Tuesday updates earlier this month, leaving some unhappy

Cyber Trends

Intelligence Communities Now Infiltrating Cyber World as Much as Adversaries (SIGNAL) As cybersecurity defenses improve, so do the breaching tactics and methods by adversaries driven to hack into commercial and government networks. And they are doing so at alarming speeds

4 reasons why physical protection is more similar to cyber security than you think (Information Age) Parallels between the way we approach 'real-life' security and equivalent practices in the cyber world are increasingly emerging

Driving cyberwar (Washington Examiner) A 14-year-old boy (who looked not a day older than 10, by all accounts) went to Radio Shack last July and purchased various electronic parts for about $14. He stayed up all night assembling a circuit board, and the following morning hacked into a new car, remotely gaining access to the vehicle

Year of Threat Intelligence Sharing (Sys-Con Media) Bringing structure to the chaos of big security data

Security Concerns Keep UK Firms Away from the Cloud (Infosecurity Magazine) Security and privacy concerns are the top cause of disappointingly low levels of investment in cloud services by UK organizations, according to a new KPMG study

Mideast tops world in cyber security priority (Trade Arabia) More than half of business and government leaders in the Mena region identify cyber security as a strategic priority, compared to only 23 per cent in the US and 36 per cent in UK/Europe, a report said

Marketplace

Cyber insurance: Dare leave home without it (Washington Examiner) When a mid-February report revealed that more than 100 banks were hacked in what appears to have resulted in over $1 billion stolen from these financial institutions, it was just another reminder of how ubiquitous cyberattacks have become

Experienced employees needed in cyber security in Mena: Raytheon study (Gulf News) Senior leadership in Mena places greater importance on cyber security

UBS Has 3 Must-Own Cybersecurity Software Stocks (24/7 Wall Street) Probably the most alarming aspect of the continued rise in cybersecurity threats and attacks is the sophistication that current hackers and criminals have. From almost anywhere in the world they have targeted the highest security platforms with what sometimes seems like impunity. A new research report from UBS concurs and believes that cyber-criminals are only becoming more sophisticated. The analysts feel that combined with increasing attack surfaces, such a hostile threat landscape should sustain security software's elevated priority within corporate and government information technology budgets

Why JPMorgan Downgraded Cyberark Software Ltd To Underweight (Bidness Etc.) CyberArk Software was downgraded by JPMorgan from Neutral to Underweight over valuation concerns, given the stock's hefty rise since it went public last year

Partnership between the State and Cisco: the American CEO who chose France (Gouvernement.fr) "The Government is far more attentive. I can feel it has reached something of a turning point just now", John Chambers, CEO of network equipment world leader Cisco, explained during an interview on French channel BFM TV. The company signed a partnership with the French Government on Monday 16 February. The Prime Minister was happy about the signing of the agreement, which represents a development opportunity and an avenue for growth, competitiveness and employment for France

DISA suspends $1.6B VMWare RFP deadline amid protests (C4ISR & Networks) The Defense Information Systems Agency on Feb. 19 suspended indefinitely a deadline for proposals for a joint enterprise licensing agreement with server-virtualization giant VMWare that would be worth roughly $1.6 billion

Nclose, FireEye confirm strategic partnership (IT Web) Nclose is pleased to announce its strategic partnership with FireEye, the leader in the field of real-time cyber threat detection

Products, Services, and Solutions

New tools can detect hidden malware (Network World via CSO) We tested new security appliances from Damballa, Lancope and LightCyber that are designed to detect the latest cyber-attacks

ORNL licenses malware detection technology (GCN) Oak Ridge National Lab recently announced that malware forensics detection and software assurance technology it had developed was licensed to the private sector

Hillstone Adds Behavioral Intelligence to Its Firewalls to Detect Breaches Earlier (BusinessWire) Advanced behavioral analytics with rich forensics shorten the time between compromise and detection, making networks healthier and more secure

Need Cyber Protection? Avast for Business Offers it Free (SmallBizTrends) Small businesses need to remain vigilant against cyber attacks. The natural reaction is to throw a lot of money at potential security breaches. Businesses often have two choices

Spytector Employee Monitoring Made Easy (Review) (HackRead) It is somewhat a proven fact that Computer & Internet have brought a new era of productivity into the human life in a number of aspects. That being said, the same computers and internet connectivity options seem to become one of the notable reasons for distraction — especially when it comes to companies that provide computers to employees for accomplishing tech-assisted tasks. Obviously, as it does not make sense to be in front of every PC and check whether an employee is misusing his or her computer or internet connection, we are here with an impressive solution for you — Spytector keylogger. In this post, we shall have an in-detail review of Spytector, having a look at various aspects of the tool

Snapchat tells teens: Keep your clothes on! (Naked Security) Ahh, Valentine's Day: the day of romance, filled as it is with roses, chocolate, and college kids sneaking into football stadiums to have sex and chronicle it on Snapchat

Tumblr blocks torrent-related posts from search results, along with adult content (Naked Security) What does the word "torrent" have in common with the word "p**is"? As of last week, both words are now blocked from turning up in Tumblr search

Google will ban adult content on its blogging platform (Quartz) Google has updated its policies on Blogger, its blogging platform, to preclude new users from hosting adult content. Blogs that are created after March 23 and contain "images and video that are sexually explicit or show graphic nudity" may be summarily deleted. Existing blogs will be set to private; the only way to visit them will be for the blog owner to explicitly give permission to individual browsers

Technologies, Techniques, and Standards

Three crucial steps to avoid being clobbered with a huge data breach fine (TechRadar) Why Governance, Risk and Compliance should move into the boardroom

How important is the critical information infrastructure? (Help Net Security) ENISA issued methodologies for the identification of Critical Information Infrastructure (CII) services in communication networks

BYOD: Cost-Saver or Hidden Expenditure? (Cloud Wedge) According to analyst firm Gartner, half of employers will require employees supply their own devices for work by 2017. Although BYOD has been widely touted as a productivity driver and the IT department's support system, enterprises need to carefully evaluate whether BYOD is truly cost-effective or not

3 Questions Every CISO Should Answer (eSecurity Planet) FireEye's Kevin Mandia has a few key questions for CISOs

Subscribing to the DShield Top 20 on a Palo Alto Networks Firewall (Internet Storm Center) This will walk you through the steps of subscribing to our top 20 block list on a Palo Alto Networks firewall. It will also show you how to make a rule using the external block list. You can create a rule to block both inbound and outbound, however in this instruction it will include only an outbound rule. Any traffic transiting outbound from an internal host to this list on the top 20 should be considered suspect, prevented, and then investigated

Design and Innovation

How 'Power fingerprint' could improve security for ICS/SCADA systems (Networks Asia) Most people have heard that one way law enforcement can figure out who might be growing marijuana in their basement is to monitor power consumption

Trey Ford on Mapping the Internet with Project Sonar (Threatpost) Trey Ford from Project Sonar describes the group's initiative at Kaspersky's Security Analyst Summit. The Rapid7 service scans public networks for applications, software, and hardware, then analyzes that cache of information to learn trends and gain insight on common vulnerabilities

Research and Development

DOJ R&D Agency Awards Grants For Speedier Digital Forensics (Dark Reading) The US Department of Justice's National Institute of Justice is funding new incident response technology to assist law enforcement

Military could be using high-tech speech software by 2017 (USA Today) The Pentagon could be able to listen in on voice communications in difficult environments and then quickly translate and transcribe them for use by intelligence analysts and combat troops by 2017, according to the Defense Advanced Research Projects Agency

Constructing Cyberterrorism as a Security Threat: a Study of International News Media Coverage (Perspectives on Terrorism) This article examines the way in which the English language international news media has constructed the threat of cyberterrorism. Analysing 535 news items published by 31 different media outlets across 7 countries between 2008 and 2013, we show that this coverage is uneven in terms of its geographical and temporal distribution and that its tone is predominantly apprehensive. This article argues that, regardless of the 'reality' of the cyberterrorism threat, this coverage is important because it helps to constitute cyberterrorism as a security risk. Paying attention to this constitutive role of the news media, we suggest, opens up a fresh set of research questions in this context and a different theoretical approach to the study of cyberterrorism

Academia

St. Mary's University unveils Cybersecurity master’s degree (St. Mary's University) Graduate courses teach skills needed to combat cyberattacks

NSA, DHS again honor SCSU computer security program (SC Times) Two federal government agencies have again recognized St. Cloud State University for its information assurance programs

Legislation, Policy, and Regulation

The Impact of the Dark Web on Internet Governance and Cyber Security (CIGI and Chatham House) With the Internet Corporation for Assigned Names and Numbers' contract with the United States Department of Commerce due to expire in 2015, the international debate on Internet governance has been re-ignited. However, much of the debate has been over aspects of privacy and security on the visible Web and there has not been much consideration of the governance of the "deep Web" and the "dark Web"

Turkey Seeks National Plan for Cyber Threats (DefenseNews) Turkey is seeking to build a national framework that would incorporate all future anti-cyber activity and programs, a senior procurement official said

NSA's Rogers makes the case for cyber norms (FCW) Adm. Michael S. Rogers said Iran "has demonstrated a clear ability to learn from the capabilities and actions of others." Clearer international norms and concepts of deterrence can help prevent cyber conflicts from spiraling out of control, National Security Agency Director Adm. Michael Rogers told a crowd of cybersecurity professionals Feb. 23

NSA director wants gov't access to encrypted communications (IDG via Computerworld) The U.S. should be able to craft a legal framework to let government agencies read encrypted data, Rogers says

Yahoo Executive Confronts NSA Director Over 'Backdoors' (Wall Street Journal) In one of the most public confrontations of a top U.S. intelligence official by Silicon Valley in recent years, a senior Yahoo Inc. official peppered the National Security Agency director, Adm. Mike Rogers, at a conference on Monday over digital spying

Transcript: NSA Director Mike Rogers vs. Yahoo! on Encryption Back Doors (Just Security) NSA Director Adm. Mike Rogers squared off against top security experts from the tech industry today in a series of exchanges that illustrated the chasm between some leading technology companies and the intelligence community about the value of giving government built-in access to the encrypted data of tech firms' customers

Cyber threat challenges military structure (FCW) Lieutenant General Edward C. Cardon suggested rotating private-sector experts into Army Cyber Command for two-year stints. The diffuse nature of computer networks challenges the U.S. military's traditional, top-down way of operating, said Lt. Gen. Edward Cardon, head of Army Cyber Command. That discrepancy, he added, means the military must be flexible in its organizational approach to cyberspace

As Homeland Security Steps Up Cybercrime Fight, Tech Industry Wary (NPR) The Department of Homeland Security has become the unlikely hero of the new White House campaign to stop cybercrime — this despite a history of mismanagement and the looming cutoff of its funding. To succeed, the big bureaucracy will have to inspire trust and compete against similar efforts by the tech industry

White House official pooh-poohs cyber information sharing for the sake of sharing (FierceGovernmentIT) The Obama administration is full bore on cyber threat information sharing, issuing an executive order, pushing the Hill to act and even standing up a new agency. But White House Cybersecurity Coordinator Michael Daniel warned against sharing just for the sake of sharing, adding it's important that it actually achieve something

Executive order meant to apply internationally, says Schwartz (FierceGovernmentIT) The executive order issued by the White House Feb. 13 will enable private sector companies to better share cybersecurity threat information, whether they're domestic or international entities

Continuous Diagnostics and Mitigation capability requirements need re-prioritization (Help Net Security) There is a lot to like in the $6 billion Continuous Diagnostics and Mitigation (CDM) program being administered by the DHS across more than 100 federal civilian agencies. The DHS has done an excellent job creating 15 different capabilities broken up into four implementation phases that agencies need to have to strengthen their cybersecurity postures

Perceptive Privacy Protectors Push for IoT Privacy Protections (Infosec Island) Still relevant lessons in security economics

Should we strike back against hackers? (IT World Canada) This week, IT security firm Kaspersky revealed that over 100 banks had been hacked across some 30 countries. The hackers, who had been at it for at least two years, made up to $1bn in ill-gotten gains, the firm said, adding that hackers were now attacking banks directly rather than stealing money from their customers. Some banks are reportedly so ticked off with the sustained hacking campaigns against them that they want to take matters into their own hands and strike back directly against hackers. But is this a good idea?

JIE: How DOD is building a bigger network that's also a smaller target (Defense Systems) Faced with growing and more sophisticated cyber threats to U.S. military networks, Defense Department officials openly acknowledge that in its current state DOD's legacy information architecture is not in a strongly defensible position. When it comes to defending DOD networks, they point to capability gaps in dealing with increasingly menacing cyber threats that have left their systems at risk from attack

FCC Republicans launch last-ditch effort to sink net neutrality plan (Ars Technica) Vote scheduled for Thursday, but Pai and O'Rielly want at least a month's delay

Litigation, Investigation, and Law Enforcement

Wall Street Banks and Law Firms Pairing up to Take on Cybercrime (PYMNTS) That banks are under constant threat of cyberattack is well known — just last week PYMNTS reported on an international bank hack that robbed 100 banks worldwide of an estimated $900 million. Now Wall Street banks and the big law firms that serve them want to do something about it — together

How your phone and fitness band could end up giving evidence against you (Guardian) In criminal proceedings from accident claims to terrorism charges, how should the authorities strike the appropriate balance between justice and privacy?

#SPYCABLES: Iranian Spy Operations in SA Revealed (Eyewitness News) A dossier claims Iranian agents used cellphone & Persian rug shops as well as news agencies as a cover

Chinese cyber attack on Joint Strike Force program failed to unearth classified information, says US General Christopher Bogdan (News.com.au) The head of the Pentagon's $500 billion US Joint Strike Fighter program says attempts by Chinese cyber spies to steal classified information about the project had failed

More watchful eye needed on 'dark Web' and cybercriminal activities, notes new paper (FierceGovernmentIT) Security researchers and government investigators need to be watchful and respond to illicit activities emerging from the "dark Web," the intentionally hidden portion of the World Wide Web that hosts many cybercriminal enterprises, a new research paper says

Is the Internet hiding a crime wave? (Help Net Security) The U.S. crime rate continues to fall, according to the latest FBI's release based on Uniform Crime Reporting from police departments, but researchers say those numbers, which have been on a downward slide since the 1990s, don't tell the whole story

Rejection of NSA whistleblower's retaliation claim draws criticism (McClatchy) Thomas Drake became a symbol of the dangers whistleblowers face when they help journalists and Congress investigate wrongdoing at intelligence agencies. He claims he was subjected to a decade of retaliation by the National Security Agency that culminated in his being charged with espionage

Edward Snowden's big regret (Graham Cluley) Hot on the heels of "Citizen Four", the documentary of Edward Snowden, winning a well-deserved Oscar, director Laura Poitras, journalist Glenn Greenwald and Snowden himself participated in an "ask me anything" chat on Reddit

LinkedIn premium users to get $1 each in password-leak settlement (Ars Technica) LinkedIn denies wrong-doing, but will salt and hash all passwords going forward

Facebook still breaking privacy laws despite updated terms — report (Silicon Republic) Despite announcing an update to its privacy policy last month, a new report from privacy organisations has shown that Facebook continue to violate a number of EU laws from its base in Ireland

Tech Firm Fights Alleged Jihadi Link (Courthouse News Service) An online education website is "being used to educate jihadists in the art of hacking," a network security company claims in court

Alleged US Army hacker Lauri Love wants his computers back (Naked Security) A British man arrested on suspicion of hacking into the computer systems of the United States Army and other federal agencies is petitioning for the return of his encrypted computers and storage devices

Hacker Extorts Bitcoin Ransom From Illinois Police Department (AP via Huffington Post) A suburban Chicago police department paid a hacker a $500 ransom to restore access to data on a police computer that the hacker had disabled through the use of an increasingly popular type of virus

Secrecy around police surveillance equipment proves a case's undoing (Washington Post) The case against Tadrae McKenzie looked like an easy win for prosecutors. He and two buddies robbed a small-time pot dealer of $130 worth of weed using BB guns. Under Florida law, that was robbery with a deadly weapon, with a sentence of at least four years in prison

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

2015 Cyber Security Summit (McLean, Virginia, USA, March 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China...

Cyber Security Conference 2015 (Bolton, UK, March 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North...

NG Security Summit (San Antonio, Texas, USA, May 11 - 13, 2015) The NG Security Summit brings together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges.

Portland Secure World (Portland, Oregon, USA, June 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

Detroit Secure World (Detroit, Michigan, USA, September 16 - 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

Upcoming Events

10th Annual ICS Security Summit (Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...

Workforce Development Forum — CyberWorks Information Session (Baltimore, Maryland, USA, February 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in...

Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...

The Future of Cybersecurity Innovation (Washington, DC, USA, February 26, 2015) The US intelligence community has ranked cyberattacks as the No. 1 threat to national security — more than terrorist groups or weapons of mass destruction. But the military's cyberwarriors fight...

NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, February 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security...

2015 Cyber Risk Insights Conference — San Francisco (San Francisco, California, USA, March 3, 2015) Following on the success of the 2014 half-day cyber risk event, Advisen will present a full day of learning and networking for risk managers, CISOs, CROs, insurance brokers, insurance underwriters, reinsurers...

Cybergamut Technical Tuesday: Tor and the Deep Dark Web (Columbia, Maryland, Sioux Falls, March 3, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...

Boston SecureWorld (Boston, Massachusetts, USA, March 4 - 5, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

Mercury Proposers' Day Conference (IARPA1, Washington, DC, March 5, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Mercury Program on March 5, in anticipation of the release of a new solicitation in support of...

Financial Services Cyber Security Summit: Middle East and North Africa (Dubai, UAE, March 9 - 10, 2015) Building on the success and feedback of our Cyber Security Summit in Europe — 180 attendees, 3 streams, CPE certified — we are pleased to invite you to the Financial Services Cyber Security...

The Vulnerability Economy: Zero-Days, Commerce and National Security (Rockville, Maryland, USA, March 10, 2015) Dr. Ryan Ellis (Belfer Center, Harvard University) will explore a series of topics around cybersecurity including the challenges and opportunities associated with the growing trade in previously unknown...

OISC: Ohio Information Security Conference (Dayton, Ohio, USA, March 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference...

RiSK Conference 2015 (Lasko, Slovenia, March 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region.

B-Sides Vancouver (Vancouver, British Columbia, Canada, March 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between

Insider Threat 2015 Summit (Monterey, California, USA, March 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure...

2015 North Dakota Cyber Security Conference (Fargo, North Dakota, USA, March 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges...

IT Security Entrepreneurs Forum: Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 17 - 18, 2015) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs...

Philadelphia SecureWorld (Philadelphia, Pennsylvania, USA, March 18 - 19, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

BSides Salt Lake City (Salt Lake City, Utah, USA, March 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation

CarolinaCon-11 (Raleigh, North Carolina, USA, March 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions...

CyberTech Israel 2015 (Tel Aviv, Israel, March 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems...

2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, March 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Wednesday, March 25, 2015 at the University of Colorado Colorado...

CYBERWEST: the Southwest Cybersecurity Summit (Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic,...

Women in Cyber Security (Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally.

Automotive Cyber Security Summit (Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...

Insider Threat Symposium & Expo (Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively...
