Daily briefing.

The actual provenance of the Cyber Caliphate (known for attacks on small-market US media outlets and other poorly defended targets) has been a matter of some dispute. While doubtless "objectively" serving some ISIS interests, the group is being called out (by iSight Partners) as a Russian false flag operation.

Russian security services are also the usual (and plausible) suspects in hostile probes of Latvian government websites.

The US NSA Director expects more attacks like the one that compromised OPM. OPM's new director promises to do more to help the victims; she's offered legislative help to make good on her promise.

As the Hacking Team hack moves into litigation (former employees are in the company's legal crosshairs) Dark Reading outlines some of the incident's lasting effects, among which is Flash's probable final eclipse. The Internet Storm Center speculates about where hackers will turn post-Flash.

Researchers demonstrate a vulnerability in the RC4 encryption algorithm. Symantec finds a new tool, "SeaDuke," in the Duke APT group's kit. Kaspersky outlines TeslaCrypt 2.0's "curious behavior." Blue Coat continues descriptions of "shady" top-level domains.

Lloyd's estimates insurance costs of a major cyber attack on the US power grid. Control Global thinks it's a nice, and important, try, but that Lloyd's has its figures wrong: the exposure's probably worse than feared.

Pending cyber export controls in both the US and Australia attract opposition. The US deadline to comment on Wassenaar is next Wednesday.

The Darkode takedown brings seventy arrests. (One of the bigger collars is a Carnegie Mellon sophomore.)

Notes.

Today's issue includes events affecting Australia, Bosnia, Brazil, China, Denmark, Egypt, Ethiopia, Finland, Germany, Iraq, Israel, Republic of Korea, Latvia, Malta, Russia, Slovenia, Sudan, Syria, United Arab Emirates, United Kingdom, United Nations, United States, and Vietnam.

Cyber Attacks, Threats, and Vulnerabilities

These cyberhackers may not be backed by ISIS (CNBC) Early this year, a group calling itself the "Cyber Caliphate" claimed responsibility for hacks into the Twitter accounts of The Albuquerque Journal and Maryland's WBOC 16 TV station. On its Facebook page, the group's message seethed with ISIS-inspired rage: "You'll see no mercy infidels. We are already here, we are in your PCs, in each house, in each office," the group wrote

Government website comes under cyber-attack suspicion (Public Broadcasting of Latvia) A cyber attack, possibly of Russian origin, was directed yesterday against the main homepage of Latvia's government, the Cabinet of Ministers. The attack started on July 14 at 12 PM and lasted for 14 hours

OPM Says 84,000 Hack Victims Still Not Notified (National Journal) The agency alerted 98 percent of hack victims of the security breach, but 2 percent of those affected are left wondering

Chinese Attack on USIS Exploiting SAP Vulnerability (ERPScan) On 11th of May, a security headline broke out in the news, it was about an attack on USIS (U.S. Investigations Services) conducted potentially by Chinese state-sponsored hackers via a vulnerability in SAP Software

NSA Chief Expects More Cyberattacks Like OPM Hack (Wall Street Journal) Mike Rogers says, 'I don't expect this to be a one-off'

4 Lasting Impacts Of The Hacking Team Leaks (Dark Reading) Doxing attack against Italian surveillance company put some nasty tools in the hands of attackers and might be the final nail in the coffin for Adobe Flash

Once-theoretical crypto attack against HTTPS now verges on practicality (Ars Technica) Certain types of Wi-Fi crypto also threatened by technique attacking RC4 cipher

New RC4 Attack Dramatically Reduces Cookie Decryption Time (Threatpost) Two Belgian security researchers from the University of Leuven have driven new nails into the coffin of the RC4 encryption algorithm

Duke APT group adds low-profile SeaDuke Trojan to their malware arsenal (Help Net Security) Not much is known about the cyber espionage group that wields the so-called "Dukes": backdoors and information stealers that all have "Duke" in their name, and have been used to compromise high-value, government-level targets

TeslaCrypt 2.0 makes it impossible to decrypt affected files (Help Net Security) Kaspersky Lab has detected curious behavior in a new threat from the TeslaCrypt ransomware encryptor family. In version 2.0 of the Trojan notorious for infecting computer gamers, it displays an HTML page in the web browser which is an exact copy of CryptoWall 3.0, another ransomware program

Exploring .XYZ (Another Shady TLD Report) (Blue Coat) It's been a couple of months since the last post in our "Shady TLD" series, with plenty of interesting candidates for another expedition, but other R&D kept getting in the way. Then, last week, I saw a short post from Adnan in our internal blog, which included several ".XYZ" sites, and that tipped the balance in favor of choosing this top level domain for analysis. So here we go

After Flash, what will exploit kits focus on next? (Internet Storm Center) Adobe has received some bad publicity regarding zero-day Flash player exploits due to the recent Hacking Team compromise. This certainly isn't the first time Adobe has had such issues. With HTML5 video as an alternative to Flash player, one might wonder how long Flash player will be relevant. Google has announced the next stable version of Chrome will block auto-playing Flash elements, and Firefox started blacklisting Flash player plugins earlier this week. With people like Facebook's chief security officer calling for Adobe to announce an end-of-life date for Flash, I've been wondering about the future of Flash player

Epic Games forums hacked, user data stolen (Help Net Security) The forums of popular game development company Epic Games have been hacked, and the users' username, email address, password and date of birth have likely been compromised

W.W. Grainger Reports Cyberattack (Wall Street Journal) Company finds no evidence that credit-card information was compromised

Businesses exposing confidential data to ex-employees (IT Pro Portal) One third of IT decision makers say ex-employees are able to access systems after leaving

Reacting to Potential Attacks (In Homeland Security) Last week several computer-related glitches hit United Airlines, the New York Stock Exchange, and the Wall Street Journal prompting many to speculate that these entities were the subject of a cyber attack. All three were able to resume normal operations later in the day and each went on to state that they faced several issues that weren't related to an attack. Officials from the Department of Homeland Security went on to publicly back these statements; however some, including members of congress, remain skeptical of the press releases

9 Spectacular Cloud Computing Fails (InformationWeek) For some of you, the cloud failures listed here may simply highlight areas where cloud service providers need to grow or adapt in order to better service their customers. For others, the examples may be more personal, as your data or applications may have been affected

The New Face of Organized Crime (Slate) You could call 2014 the year of the hack

Security Patches, Mitigations, and Software Updates

OpenSSL CVE-2015-1793: Separating Fact from Hype (TrendLabs Security Intelligence Blog) A vulnerability that allows attackers to create their malicious certificates without depending on any external and trustworthy CAs was fixed in the newest version of the open-source software OpenSSL released July 9

Microsoft nixes A-V updates for XP, exposes 180 MEEELLION luddites (Register) XP rump now carrion for hackers as malware removal tool pulled, A-V updates cease

Oracle slings 193 patches, nixes exploited Java zero day (Register) Unauthenticated remote code execution among grizzly vulns

Hopefully you've either updated Java, or removed it from your computer (Graham Cluley) You've updated Java, right?

Cyber Trends

Researchers claim cyber attack on US power grid could cost $1tn (Kroll Ontrack) British researchers have claimed that a large-scale cyber attack on the US power grid could cost the country's economy as much as $1 trillion (£640 billion)

The technical limitations of the Lloyd's Cyber report on the insurance implications of cyber attack on the US Power Grid (Control) The Lloyd's report on cyber implications of the electric grid serves a very important need to understand the insurance implications of a cyber attack against the electric grid. There have already been more than 250 control system cyber incidents in the electric industry including 5 major cyber-related electric outages in the US. There have been numerous studies on the economic impact of various outage durations, but they have not addressed issues associated with malicious causes. Consequently, there is a need to address the missing "malicious" aspects of grid outages. Unfortunately, I believe the technical aspects of the hypothesized attack in the Lloyd's study are too flawed to be used

Your IT security team is flying blind on malware. Here's why (SC Magazine) A new report from The Ponemon Institute reveals that security staff spend a significant portion of their time chasing up 'false positive' malware alerts, with faulty cyber-intelligence to blame

Marketplace

Cyber leads risks for insurers in North America, Bermuda (Business Insurance) Cyber risk is the top risk faced by insurers in North America and Bermuda, according to a survey released Wednesday by London-based think tank Centre for the Study of Financial Innovation

Data Breaches Boost Funding for Cybersecurity Startups (Wall Street Journal) In the 2015 first half, venture firms invested $1.2 billion in cybersecurity startups

CounterTack Acquires ManTech Cyber Solutions International to Deliver Unprecedented Endpoint Detection and Response Capabilities Across Entire Cyber Kill Chain (BusinessWire) CounterTack acquires ManTech Cyber Solutions International to deliver unprecedented endpoint detection and response capabilities across entire cyber kill chain

CrowdStrike Wins Patent, Raises $100M for Next-Gen Endpoint Security (The VAR Guy) CrowdStrike has been hard at work protecting endpoints from threats with its security software, and now the Irvine, California-based company has protected its own technology with a new patent. The company also has secured $100 million more in funding from notable investors — including Google Capital — for its endpoint security strategy and solutions

Rackspace makes investment in cybersecurity firm CrowdStrike (San Antonio Business Journal) Rackspace really believes that cybersecurity firm CrowdStrike has the best platform for protecting its operations in the cloud. So much so that the company has announced a "significant" investment in the Irvine, California-based company's $100 million Series C financing round

Computer Sciences (CSC) Files Form 10 For Expected Spin-Off (Street Insider) Computer Sciences Corporation (NYSE: CSC) announced a milestone in the planned spin-off of its U.S. public sector business into a separate, publicly traded company with the filing of an initial Form 10 Registration Statement (Form 10) with the U.S. Securities and Exchange Commission

Chinese bid to take over Micron would face tough U.S. review (Seattle Times) A China-backed bid for chip maker Micron Technology would encounter close scrutiny by American national-security officials worried about Chinese control of U.S. technology firms

McCain raises concerns about possible China bid for Micron Tech (Reuters) Republican U.S. Senator John McCain on Wednesday raised concerns about the potential national security implications of a proposed bid by China's Tsinghua Unigroup Ltd's [TSHUAA.UL] to acquire U.S. chip maker Micron Technology Inc (MU.O), and called for a thorough U.S. review

Chinese mobile security firm sets sights on global market (Korea Herald) 360 Security Group plans to team up with Samsung and LG

Black Hat attendee report highlights the mess we're in (ZDNet) Black Hat has released its first-ever attendee research report, highlighting infosec's ongoing hiring crisis and a sector that feels poorly prepared to face current threats

IOActive Joins the Institute for Critical Infrastructure Technology (BusinessWire) Company's 'Smart Cities' research to be used to educate U.S. Senate and U.S. House of Representatives on security issues

Marianne Meins Named Parsons National Security Division BD Manager (GovConWire) Marianne Meins, a more than 25-year national security veteran, has joined Parsons as a corporate vice president and manager of business development at the national security division within the company's government services unit

Kaine named CEO of Delta Risk (PE Hub) Delta Risk LLC said Monday that Scott Kaine was named CEO effective immediately. Most recently, Kaine served as president of Cyveillance. San Antonio, Texas-based Delta Risk provides cybersecurity and risk management services to government and private sector clients worldwide. Delta Risk, in April, received a growth capital investment from a group of private equity investors affiliated with The Chertoff Group

Products, Services, and Solutions

New Norse Live Attack Map Opens Window Into Global Cyber Attacks in Real Time (Yahoo! Finance) Shows the Norse Intelligence Network taking the hits so customers don't have to

HP views Win 10 security concerns as part of the channel pitch (MicroScope) One of the main themes of the first day of Microsoft's worldwide partner conference was Windows 10, which launches in three weeks, with the positive impact that it should deliver for the channel and customers

ERPScan Security Monitoring Suite is a Gold Winner in the 10th Annual 2015 Hot Companies and Best Products Award in IT Products and Services for Telecommunications (PR.com) Network Products Guide has named ERPScan Security Monitoring Suite a Gold winner of the 10th Annual 2015 Hot Companies and Best Products Awards in the IT Products and Services for Telecommunications category

Apple Pay Gets Thumbs Up From Security Experts on UK Launch (Infosecurity Magazine) Security experts have broadly welcomed the arrival of Apple Pay in the UK today, arguing that the service provides at least as safe and secure a way to transact as traditional chip and PIN cards

ThreatConnect Challenges Traditional Threat Intelligence with New TC Exchange Offering (MarketWatch) Leveraging a true threat intelligence platform, organizations now have ability to build, host and exchange customized secure applications for improved intel gathering

IKANOW Optimizes Enterprise Security with Updated Analytics Platform (Nasdaq) IKANOW, which helps Fortune 1000 organizations continuously optimize enterprise cyber security, today released key updates to its Enterprise Edition Information Security Analytics platform. This new release enhances several features critical to cybersecurity applications

RackTop Systems Announces Release of a New Version of BrickStor OS (Digital Journal) RackTop Systems Inc., creator of the Data Ecosystem and a leading provider of enterprise data management and storage appliances, today announces the release of version 15.07 of RackTop's software defined storage data operating system

Researchers To Offer Free BGP Security Alert Tool Via Twitter (Dark Reading) New tool to be unveiled at Black Hat USA next month will tweet out route hijacking attacks on the Net

Got Secrets? This Dropbox Competitor Will Encrypt Them (Wired) Everyone really ought to do more to protect themselves online. Use two-factor authentication. Encrypt email. Make sure any downloaded software hasn't been tampered with. But it is such a pain

Technologies, Techniques, and Standards

Collaboration key to defeat cyber threats, says Cert-UK (ComputerWeekly) The Cisp uniquely provides the opportunity to see what is happening across all industry sectors, join the dots and share insights, says Cert-UK

The End Of Whac-A-Mole: From Incident Response To Strategic Intelligence (Dark Reading) In the face of mounting cybercrime, hacktivism, and espionage, network defenders need to transform their tactical IR groups into full-scale cyber intelligence teams

Applying Threat Intelligence Research: Romancing the SIEM (Dark Matters) When my team released our threat intelligence program research at RSA Conference earlier this year, we were hit with a sudden rush of requests to apply the lessons we learned in building the program framework to various enterprise profiles

British Gas reveals it doesn't think password managers are good for security (Graham Cluley) Well, this is bizarre. British Gas customer Ben Woodward understands the benefits of having a complicated, hard-to-remember password rather than a dumb, easy-to-guess one

Interview: Why your company really needs a password management system (IT Pro Portal) With security becoming a prominent focus in recent months after a series of high profile data breaches, it seems strange to suggest that the trusty password is coming under threat

Design and Innovation

Flash. Must. Die. (Wired) Adobe Flash — that insecure, ubiquitous resource hog everyone hates to need — is under siege, again, and hopefully for the last time. The latest calls for its retirement come from some of the Internet's most powerful players, but if the combined clattering of Facebook, Firefox, and a legion of unsatisfied users isn't enough finally to put it in the ground, scroll down to see how to axe it from your devices yourself

Adobe Flash Failure Shows Plug-Ins Are Obsolete (InformationWeek) This week's Flash failure also illustrates why plug-ins need to go. One solution to all of this is HTML5

Wi-Fi Alliance ushers in new era of intrusive apps (Register) First 'Wi-Fi Aware' chips pass certification

Research and Development

IU researcher develops mathematical framework to analyze 'controlled chaos' (FierceBigData) A researcher at Indiana University has developed a new method for analyzing "controlled chaos," which they define as "how interactions among highly complex systems affect their operation and vulnerability." Filippo Radicchi and his new mathematical framework "untangles multiple complex systems by pulling apart each network, or graph, for individual analysis, and then reconstructing an overall picture

This is what happens if you let anyone use your Facebook password (Naked Security) Last week, a fascinating, fractured, hilarious, annoying, imprudent, and beautifully schizophrenic creature was birthed on Facebook

Legislation, Policy, and Regulation

Companies Need to Prepare Now as Europe May Soon Release Updated Privacy Reforms (Legaltech News) The European Commission's privacy reforms may be put in final form before the end of this year — and could have a far-reaching impact on other nations

A 'cyber superpower' prepares for war (E&E) A group of Israeli soldiers gathers around a miniature city replete with houses, traffic lights and a nuclear plant. A toy train circles the town

Why Indian intelligence uses small companies like Sunworks Consultants for spying technology (Economic Times) There's nothing remotely James Bond-like about the drab corner in Gurgaon. But then, what better cover for a spot of cloak-and-dagger activity? Perhaps, for this is the home of Sunworks Consultants, which says it provides IT services to the healthcare and telecom space. But in a series of emails to Italian spyware firm Hacking Team, the company negotiated for high-end surveillance equipment that it said it was buying for the Research & Analysis Wing, India's intelligence agency

"International Cyber Stability" and the UN Group of Governmental Experts (Just Security) In recent months, the United States has been pushing a new policy of "international cyber stability." In a speech in Seoul in May, Secretary of State John Kerry explained that this goal requires "broad consensus on where to draw the line between responsible and irresponsible behavior." To define the line, the United States proposed several norms that states should observe in peacetime, and according to media reports, the UN Group of Governmental Experts (GGE) has adopted several of the norms, which will be included in a forthcoming consensus report

FNC can help find balance on social media and privacy (The National) The immediacy of social media, where in a matter of seconds a smartphone can post images or video on Facebook or Twitter, does not always sit well with the high value placed on privacy in our culture. This can lead to problems, as demonstrated this week by the deportation of an Australian woman in Abu Dhabi who made insulting comments while posting a photograph of a car taking up two disabled parking bays

EFA endorses petition against criminalisation of cryptography research (CIO) Claims Defence Trade Controls Act amendments could result in researchers being cut off from international efforts

Regulators seek to limit security software exports (CSO) The comment period on Wassenaar ends next Monday

Coalition for Responsible Cybersecurity fights proposed export control regulations (Help Net Security) A broad cross-section of industry announced the formation of the Coalition for Responsible Cybersecurity. The purpose of the Coalition is to prevent the Commerce Department from adopting proposed export control regulations that could severely impact U.S. cybersecurity effectiveness

Opinion: Why privacy alarmists are wrong about data rules in big trade deals (Christian Science Monitor Passcode) Provisions in the Trade in Services Agreement, which is currently under negotiation in Geneva, are not meant to erode privacy. Instead, the pact reflects the reality of how data is stored and transmitted in the modern global digital economy

Regulators Continue to Emphasize Third Party Cyber Risk Management (Bitsight) In recent months, we've seen a variety of regulators from Finance to Defense cite the importance of third party cyber risk management. You can now add the Federal Trade Commission to the list

Blog: Intel Community to Tackle State of Cybersecurity at Fall Summit (SIGNAL) Cyber breaks into the world of intelligence as calamitous breaches distress nation

Proactive Disclosure Pilot Launches (US Department of Justice) This past Fourth of July marked the 49th anniversary of the signing of the Freedom of Information Act (FOIA), which as President Obama declared, "is the most prominent expression of a profound national commitment to ensuring an open Government." In celebration of this milestone in the history of this important law, today, the Department of Justice is pleased to announce the launch of a new pilot program at seven agencies designed to test the feasibility of posting online FOIA responses so that they are available not just to the individual requester, but to the general public as well

CIA documents raise questions about spy agency's domestic data collection (Christian Science Monitor Passcode) The American Civil Liberties Union is concerned the CIA is hoovering up mass amounts of data on Americans as it conducts foreign surveillance operations

New OPM Director Promises to Improve Response to Data Breach (Government Executive) On her third full day as acting director of the Office of Personnel Management, Beth Cobert told labor leaders and agency supervisors that she herself was a victim of the recent data breach, and promised to "do everything we can do restore trust and confidence" in the government's personnel and data security capabilities

New Bill Would Grant Lifetime Credit Monitoring to OPM Victims (Threatpost) A group of lawmakers are proposing victims of last month's expansive Office of Personnel Management hack receive lifetime fraud protection and credit monitoring

McDew: Companies' cyber weaknesses threaten TRANSCOM (Air Force Times) Air Force Gen. Darren McDew, the nominee to be the next commander of U.S. Transportation Command, highlighted Tuesday the risk of cyberattacks from hostile countries as one of his top concerns in his potential new role

Why and How Congress Should Outlaw Revenge Porn (Information Technology and Innovation Foundation) The distribution of sexually explicit images without the subject's consent, commonly referred to as "revenge porn," currently exists in a legal gray area throughout much of the United States, where victims have few options for recourse and perpetrators go unpunished

Senior Executive Service Announcements (US Department of Defense) Aaron Hughes has been appointed as the deputy assistant secretary of defense for cyber policy, Washington, District of Columbia. Hughes previously served as vice president, intelligence community support, In-Q-Tel, Arlington, Virginia

Litigation, Investigation, and Law Enforcement

Criminal hacking bazaar Darkode is dismantled and 70 members are busted (Ars Technica) Arrests come 18 months after undercover FBI agents infiltrated site

The Darkode Cybercrime Forum, Up Close (KrebsOnSecurity) By now, many of you loyal KrebsOnSecurity readers have seen stories in the mainstream press about the coordinated global law enforcement takedown of Darkode[dot]me, an English-language cybercrime forum that served as a breeding ground for botnets, malware and just about every other form of virtual badness. This post is an attempt to distill several years' worth of lurking on this forum into a narrative that hopefully sheds light on the individuals apprehended in this sting and the cybercrime forum scene in general

Cybersecurity intern accused in huge hacking bust (CNN Money) The guy accused of being one of the world's top Android phone hackers is a bright young student who's been honing his skills as an intern at the cybersecurity firm FireEye

Meet The Hacking Team Alumni Fighting Their Old Overlord And Its Spyware (Forbes) Hacking Team, the Italian government spyware provider that has been publicly dismantled this month after suffering a devastating attack, is staying positive, painting itself as a good guy under attack from evil forces. Eric Rabe, the mouthpiece for the firm, wants the world to know all is well at Hacking Team, saying its employees are pulling together to ensure its customers, whether that's the FBI or Ethiopia or Russia's secret police, can continue to track down terrorists and drug dealers using its "lawful intercept" software

DDOS — UK Teenager Sentenced Over 'Biggest' Web Attack (Team Cymru) British teenager Seth Nolan Mcdonagh, aka "Narko", has been sentenced for his part in what was dubbed at the time the "biggest cyber attack in history". The distributed denial of service attack (DDoS) on Spamhaus in 2013 peaked at 300Gbps, choking the London Internet Exchange (LINX), and causing the anti-spam service to take cover behind Cloudflare’s DDoS mitigation infrastructure

FBI used Hacking Team services to unmask Tor user (ZDNet) The FBI only had an exit node IP address to work with, but could the Galileo tool be used to track down a Tor user?

FT investigation: Cyber insecurity (Financial Times) US agencies responsible for vital interests lack basic IT defences

Google slip reveals why people exercise their "right to be forgotten" (Naked Security) When the European Court of Justice (ECJ) ordered Google to remove links to two web pages last year, in a ruling that kicked off the "right to be forgotten," I'm sure I was not alone in thinking that the main beneficiaries would be criminals, politicians and other high-profile figures

City of Sacramento slapped with restraining order to protect public records (FierceContentManagement) The City of Sacramento is the latest in a string of governmental offices being told to rein in their indiscriminate email deletion policies. A Sacramento Superior Court judge agreed to a temporary restraining order to prevent the City from removing emails from its server pending a review of the situation

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.

National Cybersecurity Center of Excellence (NCCoE) Speaker Series: Janet Levesque, Chief Information Security Officer at RSA (Rockville, Maryland, USA, July 16, 2015) Traditional security models are failing. While the idea of a shift from prevention to detection has gained traction, most current approaches to detection rely heavily on the same techniques that have rendered...

SINET 16 Application Deadline (San Francisco, California, USA, July 17, 2015) Innovative solutions frequently come from new and small companies. Our goal is to provide entrepreneurs from all over the world an opportunity to increase their product awareness to a select audience of...

TakeDownCon Rocket City (Huntsville, Alabama, USA, July 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...

The APTs are coming (New York, New York, USA, July 21, 2015) With cyberespionage and Advanced Persistent Threats (APTs) on the rise, it's important to understand today's threat landscape and the ways you can keep your company safe. Join LIFARS, Kaspersky Lab, Cyphort,...

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...

CyberMontgomery 2015 (Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...

Career Discovery in Cyber Security: A Women's Symposium (New York, New York, USA, July 30, 2015) Our annual conference brings together some of the best minds in the industry, with the goal of guiding women with a talent and interest in cyber security into top-flight careers

Black Hat USA (Las Vegas, Nevada, USA, August 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners...

ISSA CISO Forum: Third Party Oversight (Las Vegas, Nevada, USA, August 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by...

BSides Las Vegas (Las Vegas, Nevada, USA, August 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is...

Defcon 23 (Las Vegas, Nevada, USA, August 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information

USENIX Security (Washington, D.C., USA, August 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and other specialists interested in the latest advances in the security and privacy of computer...

5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, August 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring...

Decepticon 2015 (Cambridge, England, UK, August 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines,...

AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, August 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker...

Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...

2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics

ICFP 2015 (Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...
