More signal. Less noise.

Daily briefing.

Reports assert that Sony's hackers exploited a zero-day vulnerability in their assault on the film company. (What that zero-day may have been is left unspecified due to its "sensitivity.")

CyberBerkut is tied more closely to recent attacks on German government sites. One of their operatives, "Mink," is said to be Australian, which indicates how geographically broad a net governments cast when they trawl for useful idiots ("полезные дураки," as Lenin might or might not have called them) in cyberspace.

Recorded Future continues its look at Lizard Squad, and finds its members are about what one would expect.

ComRAT and CryptoWall 3.0 continue to operate against their targets, respectively military and civilian. Analysts describe the workings of Vawtrak and Tyupkin malware families.

New vulnerabilities and proof-of-concept attacks are described.

Oracle and Ubuntu issue patches.

Corporate boards take cyber risk management to heart.

The US President's State of the Union address, much anticipated by the cyber sector, appears to have driven a rise in security industry story stocks. Last night's speech prominently featured President Obama's proposed cyber legislation, which he pointedly dropped in Congressional laps. Observers like information sharing, are dubious about disclosure rules, and don't at all care for what many see as entrusting civil liberties in cyberspace to prosecutorial discretion. Defense Department cyber roles and missions will probably serve as a bellwether for legislative direction.

The US and UK make their already close cyber cooperation closer still. (The lads from Malvern really want a share of the US cyber market.)

Notes.

Today's issue includes events affecting Australia, China, France, Germany, Democratic People's Republic of Korea, Russia, Saudi Arabia, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Here's What Helped Sony's Hackers Break In: Zero-Day Vulnerability (Re/code) The hackers behind the devastating attack against Sony Pictures Entertainment late last year exploited a previously undisclosed vulnerability in its computer systems that gave them unfettered access and enabled them to reach and attack other parts of the studio's network

Hacktivist Group CyberBerkut Behind Attacks on German Official Websites (TrendLabs Security Intelligence Blog) A pro-Russian group called CyberBerkut claimed responsibility for a recent hack on certain German government websites in early January. We were able to gather some information on some of its members based on Pastebin data that had been leaked by the Ukrainian nationalist political party (Pravy Sektor)

Australian "Mink" link to pro-Russian attacks on Merkel's website (CSO)

Report: NSA not only creates, but also hijacks, malware (IDG via CSO) In addition to having its own arsenal of digital weapons, the U.S. National Security Agency reportedly hijacks and repurposes third-party malware

Lizard Squad: Two Bot Thugs (Recorded Future) Web intelligence has led to an analysis of Lizard Squad's Linux botnet, LizardStresser or lizardstresser.su. Further link analysis of an email address associated with LizardStresser led to the discovery of a Windows botnet on ernsthaft.su. Analysis of key cyber personas in Lizard Squad via their Twitter accounts through Recorded Future illuminated their interest in illegal drugs, thugs, guns, and Nazis

Mystery ComRAT cyber-surveillance tool still going strong, researchers confirm (TechWorld) Son of Agent.btz that stalked US military in 2008

Traffic Patterns For CryptoWall 3.0 (Internet Storm Center) Various sources have reported version 3 of CryptoWall has appeared. This malware is currently seen from exploit kits and phishing emails. CryptoWall is one of many ransomware trojans that encrypt the personal files on your computer and demand a bitcoin payment before you can unlock them

Navy: China has not attacked U.S. aircraft carrier (Military Times) The aircraft carrier George Washington has not been attacked, and World War III has not begun, despite what tweets from United Press International say, the Navy has confirmed

Tyupkin ATM Malware Analysis (Infosec Institute) Some time ago, Kaspersky discovered and reported a new type of malicious program called Tyupkin, which targets ATM machines by moving beyond targeting consumers with card skimmers that steal debit card numbers to directly getting cash from an ATM without the need for a counterfeit or stolen card

GoDaddy CSRF Vulnerability Allows Domain Takeover (Breaking Bits) An attacker can leverage a CSRF vulnerability to take over domains registered with GoDaddy. The vulnerability has been patched

Like a Nesting Doll, Vawtrak Malware Has Many Layers (Threatpost) Researchers have peeled back more layers on Vawtrak, a relatively new banking Trojan so complex that those who have taken it apart have likened it to a Matryoshka, or Russian nesting doll

Potential Code Execution Flaw Haunts PolarSSL Library (Threatpost) There is a vulnerability in PolarSSL, an open-source SSL library used in a variety of products, that could enable an attacker to execute arbitrary code under some circumstances

Memory Corruption Bugs Found in VLC Media Player (Threatpost) There are two memory corruption vulnerabilities in some versions of the VLC open-source media player that can allow an attacker to run arbitrary code on vulnerable machines

Academics Use Siri to Move Secrets Off Jailbroken iOS Devices (Threatpost) Attackers living on any network are all about one thing: persistence. They want to get on quietly and stay on quietly. But what about moving stolen data off a network? How quiet can that be?

Backdoor in a Public RSA Key (Kukuruku) Hello, %username%! When I saw how it works, say that I was shocked is to say nothing

Gamers hit with trojanized versions of official League of Legends releases (Help Net Security) Computer security experts often advise users to download games, apps, documents, software and software updates directly from the original source (the manufacturer) or from reputable online stores

Hacker hits Australian travel insurer, leaks records of 800,000 customers (Help Net Security) Personal and limited financial information of over 800,000 customers of Australian travel insurance company Aussie Travel Cover have been stolen by a hacker that goes by the online handle "Abdilo" and is believed to be a member of the infamous Lizard Squad

Vivino wine-lovers' app leaked personal information (Hot for Security) Vivino, a popular smartphone app, that allows wine-lovers to scan their favourite bottles of plonk and share recommendations with their friends, has left a sour taste in the mouth — after a security researcher found a privacy vulnerability

"Cheaper car insurance" dongle could lead to a privacy wreck (Naked Security) US researcher Corey Thuen decided to take a closer look at an add-on ICS device plugged into his car

11% of Android banking and finance apps are dangerous (Help Net Security) RiskIQ found that more than 40,000 of the 350,000 apps which reference banking in the world's top 90 app stores contain malware or suspicious binaries. Another 40,000 contained dangerous permissions

Dark Technology: Are You (Unknowingly) Putting Your Organization At Risk? (Tripwire: the State of Security)

Looking Back (and Forward) at PoS Malware (TrendLabs Security Intelligence Blog) 2014 became the year that placed PoS (point-of-sale) threats in the spotlight. Make no mistake — PoS threats have existed for years. However, the Target data breach last January was the first incident that made the general public notice this threat

'123456' & 'Password' Are The 2 Most Common Passwords, Again (Dark Reading) New entrants to the top 25 show that bad password creators are fans of sports, superheroes, dragons, and NSFW numeral combos

Security Patches, Mitigations, and Software Updates

Big bag of fixes: Oracle's Critical Patches for Jan 2015 close 160 holes, 93 remotely exploitable (Naked Security) Unlike Microsoft, which wants to wean us all off the word "Patch" and onto the word "Update," Oracle has always embraced both those terms

Ubuntu Patches Several Security Flaws (Threatpost) Ubuntu has released a number of patches for security vulnerabilities in several versions of the OS, including some remote code execution flaws in Thunderbird, which is included with Ubuntu

Cyber Trends

Security priorities shifting to preventing breaches, improving internal controls (CSO) For the first time, companies are worried more about preventing a breach than about passing a compliance audit

Is social media the weak link in the fight against cyber attacks? (Conversation) Improved cybersecurity for governments and the private sector is expected to feature in US President Barack Obama's annual State of the Union Address delivered on Tuesday night (US time) to Congress

Gap between perception and reality of cyberthreats widened in 2015 (CSO) There is a widening gap between what security executives believe to be true and the reality of cyberthreats

People are increasingly worried about privacy, say legal protections fall short (IDG via CSO) Internet users in countries such as France, Germany and the U.S. are increasingly worried about the impact technology has on privacy, and feel legal protections are insufficient

Paper, Plastic or Compromised Security? The Point-of-Sale Risk in the Internet of Things (CIO) As technology becomes smarter and more intuitive, conveniences like tableside payment kiosks in busy restaurants have become more commonplace, leading to highly personalized (and time-saving) experiences for consumers. This is just one example of how the Internet of Things creates a unique opportunity to improve people's daily lives

Oh, the places IoT will go… or will it? (FierceCIO) Google's announcement about pulling Glass from the shelves is a reminder about how early we are in the process of IoT adoption

The next frontier of hacking: your car (Vox) Hacking is about to get more dangerous

World Economic Forum Warns About "Global Threat" of IoT Hacking (Gizmodo) You know that character in some horror films who warns unsuspecting (usually) teenage victims of their impending death? The World Economic Forum's Global Risks report is kind of like that guy, filled with doom but offering damn good advice on how to stay alive. This year, the report focused on the internet of things

New Year, New Threats: Electronic Health Record Cyberattacks (Government Technology) The recent flood of cyberattacks means that hackers are relentless and more sophisticated than ever before

Organizations in KSA exposed to cybercrime risks as threats become sophisticated in 2015 (Saudi Gazette) While organizations in Saudi have existing security strategies in place that provide defense against a range of cyber attacks, today's sophisticated threat landscape exposes organizations to a number of risks for which they are not prepared

Obama talks cybersecurity, but Federal IT system breaches increasing [Updated] (Ars Technica) Security incidents on federal IT systems have increased more than 1,000 percent

Marketplace

Cybersecurity stocks gain on pending Obama proposals (Seeking Alpha) The White House has disclosed Pres. Obama will outline this week "a series of legislative proposals and executive actions that will be in his [Jan. 20] State of the Union that will tackle identity theft and privacy issues, cybersecurity, and access to the Internet." Several security tech plays, some of whom received a lift last month from the Sony hack and its fallout, are higher in spite of a 0.9% Nasdaq drop. FEYE +4.5%. CUDA +6.9%. PANW +1.2%. CYBR +1.7%. PFPT +1.3%

Cyber resilience core to safeguarding investment value (COOConnect) The warning by the Bank of England's Financial Policy Committee last month that financial firms in the UK are underestimating the threat of cybercrime, coupled with recent high-profile blow-by-blow media accounts of companies under attack, are set to keep cyber resilience firmly on corporate governance agendas. For private equity firms, such risks pose fundamental challenges. Cyber attacks have a significant impact on victims, with some 60% of small firms forced to close within six months of an attack, according to the US National Cyber Security Alliance

Cyber security finally has the attention of the boardroom (ITProPortal) The majority of companies feel that their board is fully on cyber issues, but a third deem it a "top risk"

IT security in 2015: Is this the year the boardroom actually cares? (ITProPortal) Following our look at the common prediction trends for 2015, and identifying both major flaws and expanding ransomware as trends worth looking at, the next timely trend looks at the boardroom

Don't delegate cyber risk management responsibility (Information Age) The responsibility of managing and overseeing the cyber risk in an organisation must sit at the executive level

Lack of communication biggest hurdle to cyber risk awareness (Actuarial Post) Board communication within FTSE 350 remains biggest hurdle to cyber risk awareness

Failure by firms to understand security adds pressure to channel (MicroScope) Most of the research that came out of the research community last year seemed to be encouraging when it came to charting the progress of security onto the boardroom agenda

Microsoft Is Teaching Cybersecurity to Cities Around the World — For Free (Wired) Cybersecurity isn't just an issue for the feds and big companies like Google and Facebook. Cities of all sizes around the world are increasingly reliant on information systems that could be vulnerable to attack

Commando theft of Nazi radar turned English town into cyber valley (Stars and Stripes) On a winter's evening in 1942, a daring raid by British commandos to steal a German radar on the French coast set in motion a series of events that would see a small town, nestled in middle England, become a leading cyber-defense hub

UK goes to Hollywood: Cyber security firms brief Cameron and Obama in US (ITProPortal) The visit by the Prime Minister to Washington to discuss global security issues with President Obama saw a number of UK security firms attend and brief David Cameron

Amendment to Combined Synopsis/Solicitation — for Information Assurance, Operations and Compliance, Systems and Technology Support Services (Insurance News Net) This announcement is prepared and posted in accordance with Federal Acquisition Regulation (FAR) Subpart 5.2 to notify potential Offerors of a solicitation for services for the Defense Microelectronics Activity (DMEA). Solicitation number HQ0727-15-R-0003 requests proposals for Information Assurance, Operations and Compliance, Systems and Technology Support Services for all Defense Microelectronics Activity (DMEA). The objective of this contract is to acquire services for Information Assurance, Operations and Compliance, Systems and Technology Support Services for all Defense Microelectronics Activity (DMEA) information technology, networking, communications, safety, surveillance, and critical infrastructure software, systems, and applications

Cybersecurity contractor opens center in Augusta (Augusta Chronicle) Chiron Technology Services, a Maryland-based cybersecurity company, opened a Regional Cybersecurity Development Center Jan. 1 on Interstate Parkway, according to local real estate company Sherman & Hemstreet

Cloud Security Startup Elastica Takes Channel Approach For Growth (CRN) Cloud security startup Elastica came out of stealth mode last year and new channel chief Jarrett Miller, who is building out the company's fledgling channel program, said this week that it inked a reseller deal with Accuvant

LockPath Prepares for 2015 by Doubling Executive Team (Marketwired) LockPath Inc. has added four members to its executive team in the past month to enhance the company's ability to serve its growing client base, lead its expanding workforce and execute its growth strategy in 2015

CyberSecurity.com Acquired by Adam Strong (Domain Investing) 2014 was a big year for Adam Strong. His company sold the high profile domain names Racing.com and BTC.com, and he also privately acquired quite a few keyword domain names, such as Strong.com

Recruit, Reward & Retain Cybersecurity Experts (Dark Reading) How to create a better working environment for security professionals

Products, Services, and Solutions

Startup Spotlight: ThreatStream's Threat Intelligence Platform (eSecurity Planet) Getting customers to share information with each other is a key part of ThreatStream's new spin on threat intelligence, a platform called Optics

Technologies, Techniques, and Standards

World Economic Forum Proposes New Cyber Risk Framework (SecurityWeek) With the annual World Economic Forum meeting in Switzerland just days away, the organization and its partners have released a new framework designed to help businesses calculate the impact of cyber-threats

Partnering for Cyber Resilience Towards the Quantification of Cyber Threats (World Economic Forum) Threats grow with the rapid expansion of data-driven technologies. The convergence of web, cloud, social, mobile and Internet of Things platforms is inherently oriented to sharing data, not security. As these technologies expand in use, so do the risks, making cyber risk management imperative to organizations today

Heightened cyber threat demands risk focus (Actuarial Post) Cyber and terrorism have been rated the most significant emerging risks facing the insurance and reinsurance sector in 2015, according to a survey of US industry executives. It is a sentiment reflected by the UK government, which last month convened a group of CEOs from the country's largest insurers, to encourage collaboration and "to make the UK one of the safest places to do business in cyberspace". While the insurance sector is set to play a key role in minimising the long-term financial fallout from an attack, cyber risks cannot be tackled with insurance alone

Network Segmentation: A Best Practice We Should All be Using (Infosec Island) It would be nice to be able to say that we are winning the war; that network security efforts are slowly getting the better of the bad guys. But I can't do that. Despite all the money being thrown at security tools and hosted services, the cyber-thugs are improving their game at a faster rate than we are. The ten worst known cyber security breaches of this century have all taken place since 2008, and 2013 and 2014 are notorious for their information security incidents

Bash data exfiltration through DNS (using bash builtin functions) (forsec) After gaining 'blind' command execution access to a compromised Linux host, data exfiltration can be difficult when the system is protected by a firewall. Sometimes these firewalls prevent the compromised host from establishing connections to the internet. In these cases, data exfiltration through the DNS-protocol can be useful. In a lot of cases DNS-queries are not blocked by a firewall. I've had a real life situation like this, which I will describe later on

Exploit Pack — Open Source Security Project for Penetration Testing and Exploit Development (Kitploit) Exploit Pack is an open source GPLv3 security tool, this means it is fully free and you can use it without any kind of restriction. Other security tools like Metasploit, Immunity Canvas, or Core Impact are ready to use as well but you will require an expensive license to get access to all the features, for example: automatic exploit launching, full report capabilities, reverse shell agent customization, etc. Exploit Pack is fully free, open source and GPLv3. Because this is an open source project you can always modify it, add or replace features and get involved into the next project decisions, everyone is more than welcome to participate. We developed this tool thinking for and as pentesters. As security professionals we use Exploit Pack on a daily basis to deploy real environment attacks into real corporate clients

Discovering and remediating an active but disused botnet (Colin Keigher) On a network I help manage, we kept getting malicious DNS alerts for "luna1.pw" on an appliance we had installed. Due to the way the network was configured, we were able to see the name request coming in but no traffic activity. This was unusual because the appliance was configured to monitor all traffic but why was it not picking up anything further than what it was reporting? Why didn't the supposed malware connect? Resolving the domain led to an answer

Finding Privilege Escalation Flaws in Linux (Internet Storm Center) We often tend to ignore privilege escalation flaws. In order to take advantage of these vulnerabilities, an attacker first needs to have access to the system itself. But in particular for systems that many users have access to, it can be difficult to monitor them all for compromised credentials. Systems with web servers often suffer from web application flaws that can be used to execute code as the web server, which then can be used to gain root access via a privilege escalation flaw

Why Effective Computer Security Means Covering All Your Bases (eWeek) LinkedIn's head security honcho shares his proactive security strategy, which begins with everyone buying in

Design and Innovation

New Technology Detects Cyberattacks By Their Power Consumption (Dark Reading) Startup's "power fingerprinting" approach catches stealthy malware within milliseconds in DOE test

New technology that identifies users vulnerable to cyber attack based on behavioral and psychological characteristics (Phys.org) Fujitsu Limited and Fujitsu Laboratories Ltd. have announced the development of the industry's first technology for identifying users vulnerable to cyber attacks based on the ways they use their computers, such as their e-mail and web activities. This will make it possible to implement security measures tailored to individuals and organizations

Research and Development

Artificial-Intelligence Experts to Explore Turing Test Triathlon (IEEE Spectrum) Intelligentsia of AI will gather to come up with a battery of alternatives to the traditional Turing test

Does Facebook know you better than your friends and family do? (Naked Security) What if a computer could predict your behavior and understand your personality better than your coworkers, friends, siblings, and even your spouse do?

Legislation, Policy, and Regulation

Hey France, Don't Do What We Did After 9/11 (Daily Beast) Were the Charlie Hebdo attacks France's 9-11? If so, France, then please: Don't follow our example, and don't become what we became

British Spy Agency Has Its Eye on Investigative Journalists (Sputnik News) As some of the West's most senior cyber-security defence chiefs meet in London, fresh documents revealed by former CIA contractor Edward Snowden — now living in Moscow — show that the UK intelligence agency GCHQ has hacked thousands of emails from journalists

GCHQ took less than 10 minutes to covertly scoop up 70,000 emails — and it's a disgrace (Hot for Security) It's a strange and disturbing world we are living in

Who's Got the Chops to Run a Transatlantic Cyberspy Cell? (Nextgov) The success of a newly announced U.S.-U.K. cyberspy unit in many ways will depend on its yet-to-be named leaders, who, digital investigators say, will be hard to find

First U.S.-U.K. Cyber 'War Game' to Target Banks (CFO) Financial institutions will be first up in the countries' new series of war games designed to thwart cyber-crime

Obama Calls for Tough Legislation to Combat Cyber-Attacks (Wall Street Journal) In State of the Union speech, President warns U.S. faces heightened risks if policy makers don't act

Obama Says Stricter Cybersecurity Laws Needed To Combat Hackers In His State Of The Union Speech (International Business Times) U.S. President Barack Obama said that new cybersecurity laws are necessary to address hacking, identity theft and cyberwarfare in his annual State of the Union address on Tuesday evening. Critics say the new laws are overly harsh and could impede computer security research in the U.S

The Pentagon Angle on Obama's State of the Union Cybersecurity Pitch (Roll Call) The role of the Pentagon in President Obama's proposed cybersecurity legislation — expected to get the spotlight in Tuesday evening's State of the Union speech — could decide its fate in Congress

State of the Union: President Obama's cyber-security ideas spark skepticism, fear among techies (Oregon Live) The president didn't do that. He held onto the mic and kept talking. For much of the speech he zeroed in on "middle-class economics": Tax reform, affordable childcare, paid sick leave, equal pay and, perhaps his signature proposal, free community college

7 Reasons Security Wonks Should Watch the State of the Union Tonight (Wired) President Obama has left few questions about what he plans to unveil in his State of the Union address tonight, having dropped several previews in the last two weeks about legislation the White House is proposing. He will undoubtedly go into more detail tonight at 9 p.m. ET, and we will be watching specifically to hear him expand on comments already made about proposed changes to cybersecurity legislation

Obama cybersecurity proposals: 'Devil is in the details' (Al Jazeera: the Scrutineer) In a preview of next Tuesday's State of the Union address, President Obama spent this week rolling out a long list of new cybersecurity initiatives that includes legislation to protect consumers' private data

The Hypocrisy of U.S. Cyber Policy (TechCrunch) The breakneck growth in internet usage over the past two decades has forced policymakers to confront a host of challenges, from how to regulate the sharing economy to who owns the infrastructure behind the "tubes" themselves. While tempers have flared on a number of these issues, I tend to give the benefit of the doubt to policymakers. The transformation of our society has been so complete and rapid, we simply can't expect the rebuilding of our laws to be a simple proposition

Bold reform needed to strengthen U.S. cybersecurity (Help Net Security) Mr. President, the status quo in cybersecurity is failing the U.S. It is failing the commercial sector, which is being publicly breached on a weekly basis, and it is failing the government as well. It is time to take bold and decisive action to stop these dangerous and embarrassing hacks before they cause further damage and erode the confidence that is vital to the U.S. economy

GOP faces Patriot Act choice (The Hill) Republicans have a choice to make

Litigation, Investigation, and Law Enforcement

Microsoft Gave Data on Charlie Hebdo Probe to FBI in 45 Minutes (Bloomberg) Microsoft Corp. (MSFT) handed the FBI data linked to the Charlie Hebdo probe within an hour of being asked, showing that the system can work and that extra snooping should only happen if strictly regulated, the company's top lawyer said

Microsoft and the US government fight over data in the cloud (WinBeta) The battle of big business versus big government is being fought among the clouds or at least among Microsoft's international cloud servers. Microsoft's director of cyber security and cloud strategy has shared a post titled 'Privacy considerations in a cloudy world.' The post highlights points regarding Microsoft's cyber security made by their Chief Privacy Officer in a video (embedded below). Microsoft is amidst a battle with the government when it comes to protecting their user's data

UPDATE 1-Pentagon says classified data on U.S. F-35 jet fighter program remains secure (Reuters) The Pentagon on Tuesday said classified data about the $399 billion F-35 fighter jet program remains secure, despite fresh documents released by NSA whistleblower Edward Snowden last week which said China stole "many terabytes" of data about the jet

Nearly all US arms programs found vulnerable to cyber attack (IT News) Nearly every US weapons program tested in fiscal 2014 showed "significant vulnerabilities" to cyber attacks, including misconfigured, unpatched and outdated software, the Pentagon's chief weapons tester revealed in his annual report

DEA settles fake Facebook profile lawsuit without admitting wrongdoing (Ars Technica) Agents created bogus profile in woman's name in bid to nab other drug suspects

Silk Road Judge 'Eviscerates' Defense's Evidence That Mt. Gox CEO Was a Suspect (Wired) Last week produced a stunner in the Silk Road trial: the revelation that the Department of Homeland Security suspected Mt. Gox CEO Mark Karpeles of running the massive, anonymous narcotics market just months before settling instead on defendant Ross Ulbricht. But just as quickly as Ulbricht's defense revealed that alternate theory of the Silk Road's ownership, the prosecution and judge have shoved key elements of the story back into the closet

Gamergate target Zoe Quinn launches network to battle online harassment (Naked Security) Police were told to knock with their hands, not with their boots

How Was Your Credit Card Stolen? (KrebsOnSecurity) Almost once a week, I receive an email from a reader who has suffered credit card fraud and is seeking help figuring out which hacked merchant was responsible. I generally reply that this is a fruitless pursuit, and instead encourage readers to keep a close eye on their card statements and report any fraud. But it occurred to me recently that I've never published a primer on the types of card fraud and the likelihood with each of the cardholder ever learning how their account was compromised. This post is an effort to remedy that

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Financial Services Cyber Security Summit: Middle East and North Africa (Dubai, UAE, March 9 - 10, 2015) Building on the success and feedback of our Cyber Security Summit in Europe — 180 attendees, 3 streams, CPE certified — we are pleased to invite you to the Financial Services Cyber Security...

Cyber Security Summit: Industrial Sector & Governments (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored...

Cyber Security Summit: Financial Services (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective...

Upcoming Events

FIC 2015 (Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...

IARPA Proposers' Day for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program (Washington, DC, metropolitan area, January 21, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program on January 21, 2015,...

4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, January 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human...

AppSec California (Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...

Financial Cryptography and Data Security 2015 (San Juan, Puerto Rico, USA, January 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the...

Starting a New Year: Financial Incentives for Cybersecurity Businesses (Columbia, Maryland, USA, January 27, 2015) Learn the details from the experts! How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credits. Panelists include: Andrew Bareham, Principal,...

Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, January 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives...

Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...

CSEAN Cyber Secure Nigeria 2015 Conference (Garki Abuja, Nigeria, January 29, 2015) The vast scope of cyber threats makes a compelling case for a multi-stakeholder collaboration in curbing domestic and International threat. "Cyber Secure Nigeria 2015" conference encapsulates various hot...

Data Connectors Los Angeles 2015 (Los Angeles, California, USA, January 29, 2015) The Los Angeles Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...

Transnational Organized Crime as a National Security Threat (Washington, DC, USA, January 29, 2015) United Kingdom's National Crime Agency Director General Keith Bristow will discuss transnational organized crime as a national security threat, focusing on economic and cyber crimes, and digging into the...

ISSA CISO Forum (Atlanta, Georgia, USA, January 29 - 30, 2015) Corporate Information Security and Legal programs must be closely aligned to be successful in today's world. Customer and vendor contracts require strong security language. Response to data breaches are...

NEDForum > London "What we can learn from the Darknet" (London, England, UK, January 30, 2015) The 2nd NED Forum event comes to London on Friday 30th January 2015, the day of the White Hat Ball. The event will focus on the Darknet and where it provides a rich source of learning that can be applied...

Cyber Threat Intelligence Summit (Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities

Suits and Spooks (Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...

Nullcon 2015 (Goa, India, February 4 - 7, 2015) Nullcon discusses and showcases the future of information security, next-generation of offensive and defensive security technology as well as unknown threats

ICISSP 2015 (Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information...

2015 Cyber Risk Insights Conference — London (London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout...

AFCEA West 2015 (San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.

Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...
