skip navigation

More signal. Less noise.

Daily briefing.

A new Jihadist online presence caters to foreign fighters coming to Syria. Reviews call it very slick, but the perceived need for a social media reboot may suggest some shaky ISIS messaging (and failure to meet expectations). The UK's PM Cameron announces a major anti-radicalization initiative: it too will operate to a significant extent online. US police get advice on developing threat intelligence from online sources.

A contractor processing visa services for the UK's Home Office inadvertently releases applicants' personal data.

Anonymous goes after Canada's RCMP and succeeds in crashing one of the Mounties' sites.

Elsewhere in Canada, the adultery impresarios at AshleyMadison's parent company work to secure their clients' data. Legal observers expect lots of action: in addition to "the standard class action suits" (as Legaltech News calls them), they're on the qui vive for a spike in divorce filings.

Zero-days exposed in the HackingTeam incident surface in attacks against targets in Japan. Italian police continue to investigate former employees of the lawful-intercept shop, and observers speculate that both the HackingTeam and AshleyMadison affairs offer lessons on insider threats.

Microsoft pushes out a critical Windows patch to close a vulnerability exposed by the HackingTeam breach.

Chatham House offers a contrarian take on cyber threats: cyberspace, their study says, is less dangerous than the FUD would have you believe.

Insurance, accounting, and cyber security companies offer perspective on how boards should manage cyber risk.

Comments on US Wassenaar implementation closed yesterday, with many stakeholders serving up a lot of skepticism.

Notes.

Today's issue includes events affecting Canada, China, Colombia, European Union, Iraq, Israel, Japan, Mexico, Russia, Sudan, Syria, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Jihadist front established to represent foreign fighters in Syria (Long War Journal) In mid-June, a new jihadist brand appeared online. "Al Muhajirun," which claims to represent fighters who have emigrated to Syria to wage jihad, posted its first statement in several languages on Twitter. The message makes it clear that Al Muhajirun is not a new organization, but instead represents "a community" of foreign fighters "from different groups and with different interests united in order to show the ummah [community of worldwide Muslims] the true face of the muhajirun [emigrant helpers], the mujahideen and jihad"

British Prime Minister calls for tackling ideology of terrorism (CNN) In a major speech Monday, British Prime Minister David Cameron unveiled plans to confront the ideology of terrorism among the young and disaffected in the UK

Anonymous Targets Canadian Police, Crashes RCMP's Website (HackRead) This week, on July 17th, there was a police-involved shooting in Dawson Creek, British Columbia Canada, where one of the members of hacktivist group Anonymous was killed

Users' data compromised after technical glitch at Home Office contractor (Guardian) VFS Global, which provides visa services on behalf of the UK, released online application forms that allowed users to access other people's data

Vulnerability Note VU#912036: N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator password (CERT | SEI | Carnegie Mellon | DHS) SolarWinds N-Able N-Central is an agent-based enterprise support and management solution. N-Able N-Central contains several hard-coded encryption constants in the web interface that allow decryption of the password when combined

Beyond the breaches: Understanding the Angler exploit kit (Naked Security) The big security news stories these days are often about "this big breach", "that sneaky malware" or "these latest new exploits"

Ashley Madison scrambles to protect data after cyber attack (Globe and Mail) A Canadian company that runs an adultery website with 37 million user profiles has been hacked by a group that says it has stolen private information, including names, nude photos and credit card data

Cyberspies love new exploits revealed in Hacking Team leak (IDG via PCWorld) The leaked files from surveillance software maker Hacking Team have proven to be a great resource for cyberespionage groups, which have used at least two Flash Player exploits from the company's arsenal

New Campaign Targeting Japanese with HackingTeam Zero Day (Threatpost) Yet another group of attackers has quickly cashed in on one of the Adobe Flash zero days uncovered in the HackingTeam leak and is leveraging it to target Japanese organizations

6 Ex-Employees Questioned About Hacking Team Breach, Prior Leak (Dark Reading) Japanese targets also getting hit with leaked Flash zero-day exploits, and Hacking Team reportedly worked on drone-based WiFi surveillance tools

How was Hacking Team hacked? (Simon PG Edwards) The attacker who stole Hacking Team's data gained access to an employee's computer while the victim was still logged in

The insider threat highlighted by Hacking Team and Ashley Madison hacks (Hot for Security) Many of us spend a lot of time worrying about external hackers, spammed-out malware and internet intrusions — but sometimes the instigators of an attack against your business can be much closer to home

CVS, Costco, Rite Aid photo centers may have been breached (Business Insurance) Online photo centers operated by CVS Health Corp., Costco Wholesale Corp. and Rite Aid Corp. may have been the victims of cyber breaches caused by an attack on a third-party vendor

Apple iOS Scammers Hit UK Users with Crash Warning (Infosecurity Magazine) An iOS 'technical support' scam first spotted in the US has made its way across the Atlantic, threatening to defraud Apple users by claiming that their device has crashed

Here's why disabling Flash in your browsers may not be enough… (Graham Cluley) Poor old Adobe Flash. The seemingly endless cycle of zero-day vulnerabilities, in-the-wild exploits, and rushed-out patches has given the software something of a bad name

Security Patches, Mitigations, and Software Updates

Microsoft Security Bulletin MS15-078 — Critical: Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904) (Microsoft Security TechCenter) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts

Don't sit down! Patch ALL Windows AGAIN! Microsoft fixes THIRD Hacking Team hole (Register) It's 2015, and bad font files in webpages will still pwn you

Cyber Trends

Global Cyberspace Is Safer than You Think: Real Trends in Cybercrime (Chatham House) What are the real trends in cybercrime? Recent media coverage has been rife with stories of large-scale data breaches, hacks and online financial crime. Information technology (IT) security firms such as Norton Symantec and Kaspersky Labs publish yearly reports that generally show the security of cyberspace to be poor and often getting worse. This paper argues that the level of security in cyberspace is actually far better than the picture described by media accounts and IT security reports

InfoSec pros spend most time, money on self-inflicted problems (CSO) InfoSec professionals spend most of their time and budgets on security problems created within the organization itself

Are IT pros overconfident in their ability to deflect attacks? (Help Net Security) IT executives within critical infrastructure organizations see a need for public-private threat intelligence sharing partnerships (86% of respondents) to keep pace with escalating cybersecurity threats, according to a survey by The Aspen Institute and Intel Security

CISO Role Still in Flux: Despite Small Gains, CISOs Face an Uphill Battle in the C-Suite (ThreatTrack Security) Compared to a year ago, CISOs have gained some respect in terms of perceived leadership qualities, but C-level executives still can't shake the temptation to use the role primarily as a scapegoat for data breaches. And though cybersecurity expertise is welcome on corporate boards, CISOs still have work to do in asserting themselves within the corporate structure

CISOs Caught In A Catch-22 (Dark Reading) Chief information security officers are considered 'accountable' for breaches while not always in charge of all infosec strategy and purchases, new report shows

New Survey Reveals Critical Infrastructure Cybersecurity Challenges (MarketWatch) Aspen Institute, Intel Security critical infrastructure survey shows 86% of respondents want more public-private cooperation; of those who experienced cyberattacks, 59% reported physical damage

The Ruskies are coming for you, NSA director tells City bankers (Register) GCHQ's Sir David Omand and Admiral Rogers talk up cyber and economic war

Study: Banks See Surge in Cyber Fraud (InfoRisk Today) Fraudsters take advantage of new tech, poor awareness

IT Security — An Escalation of Commitment (Tripwire: the State of Security) Recently, I was talking to one of our customers about how IT Security has evolved in the last 20 years. The conversation reminded me of 'Escalation of Commitment,' a topic studied both in Economics and Psychology

Escalation of Commitment Part 2: Three Possible Scenarios (Tripwire: the State of Security) Following from a recent post on 'Escalation of Commitment', a topic studied by both Economists and Psychologist, I could not resist writing a follow-up to explore the consequences for third parties that do not have the preparation and/or resources of the parties involved in scenarios of escalation of commitment in the IT security field

Marketplace

So You Want To Play The Cybersecurity Sector Right Now… (Benzinga) Yet another cybersecurity company entered the public sector on Friday. Rapid7 — which boasts more than 3,900 customers across 90 countries — provides IT security data and analytics software and services to help organization reduce the risk of a breach, detect and respond to attacks and building effective IT security programs

Palo Alto Grows To New Heights (Seeking Alpha) Palo Alto's 2014 results showcased continued success. The firm added 5,300 customers, revenue grew 51%, and the company closed its first acquisitions in its history during the period

Lockheed says commercial cyber business part of strategic review (Reuters) Lockheed Martin Corp is including its commercial cyber business in a strategic review of key services and information technology businesses, but will not exit the government cybersecurity business, Chief Executive Marillyn Hewson said

FireMon Taps New CEO as Jody Brazil Steps Down (The VAR Guy) Security intelligence solution provider FireMon announced that company co-founder Jody Brazil has stepped down from his role as CEO, and has been replaced by newly minted president and COO Jim Lewandowski

Products, Services, and Solutions

Cylance Announces FedRAMP Accreditation (Marketwired) Latest certification makes Cylance a partner-of-choice to help organizations comply with Federal third party guidelines and assess security risks associated with cloud computing

CFC partners with security ratings firm Bit Sight (Post) Specialist lines underwriting agency CFC has formed a partnership with cyber security ratings agency, Bit Sight Technologies

The Post-Breach Challenge: The Scarcity of Proactive Hunters (Cybereason) Over the last two decades, most of the security industry has focused on deploying layers of technology that try to prevent hackers from getting in. But the last two years have shown that even the most secured organizations can be hacked, and firms have begun to realize that network penetration by a hacker is inevitable

Ziften Eliminates Data Breach Guesswork and Reduces Cyber Attack Response Time by 70 Percent (BusinessWire) Ziften's next-gen endpoint security solution deploys in minutes to immediately discover, analyze, and seal security exposures where businesses are most vulnerable

Fortinet Selected to Secure Black Hat USA, the World's Premiere Information Security Conference (MarketWatch) Fortinet chosen by Black Hat to protect the event network and provide the first exclusive showings of Black Hat's Network Operations Command Center

CYREN Technology Protects Tablet Users from Inappropriate Content and Security Threats (PRNewswire) CYREN (NASDAQ: CYRN) today announced that one of Europe's largest retailers uses CYREN Web Filtering technology to block inappropriate content and protect against security threats in its latest generation tablet

Digital Shadows and ThreatConnect Give Organizations Unmatched Visibility into Cyber Security Threats, Risks and Actors (BusinessWire) Combined view of security data and exposed information helping adversaries lets organizations anticipate risks, preempt attacks and accelerate security teams' actions to defend their organizations

Resilient Systems Joins the OASIS Cyber Threat Intelligence (CTI) Technical Committee (BusinessWire) Incident response leader will help create new standards to share cyber threat intelligence

Imperva Named as Leader in Gartner Magic Quadrant for Web Application Firewalls (MarketWatch) For second consecutive year, Imperva is the only company positioned in the Leader's Quadrant

MobileIron integrates Pradeo app security service into EMM platform (FierceMobileIT) MobileIron and France-based Pradeo have formed a partnership to strengthen the security of mobile apps in the enterprise

ViaSat UK wins £3.8m contract for military vehicle encryption (ComputerWeekly) ViaSat UK is to provide an encryption system for British Army armoured vehicles to ensure sensitive mission and intelligence stored on and gathered by Scout SVs will never be put at risk

The psychic, the witch and San Francisco — IT security goes spiritual (Naked Security) If there's something strange going on with your computer, who you gonna call?

Technologies, Techniques, and Standards

4 Ways to Engage Executives in Cyber Risk (Wall Street Journal) A survey of retail executives shows many retailers making progress toward strengthening their cyber risk management programs, though they (along with their peers in other industries) could still benefit from improved governance and engagement with business leaders

You're online. What's your risk? (CyberPoint Risk Analytics Blog) What's your risk? If cyber attacks are inevitable, how do you predict (and mitigate) your potential loss? By consensus, the conventional wisdom is that effectively surviving and prospering in cyberspace depends on sound risk management. That, of course, in turn depends upon some credible method of estimating, and quantifying risk

Next-generation endpoint protection not as easy as it sounds (Network World) Endpoint protection technology is making strides and may soon be touted as anti-virus

Remember to Lock the Front Door With Identity Governance (IBM Security Intelligence) Make no mistake: In virtually every environment around the world, someone has access to data or applications that they should not have access to. And without the proper identity governance in place, this inappropriate access poses a security risk

Security Challenges in SDN (InfoRisk Today) (ISC)²'s Lim on aAligning SDN with application security

Dark Web (Congressional Research Service) Beyond the Internet content that many can easily access online lies another layer — indeed a much larger layer — of material that is not accessed through a traditional online search. As experts have noted, "[s]earching on the Internet today can be compared to dragging a net across the surface of the ocean. While a great deal may be caught in the net, there is still a wealth of information that is deep, and therefore, missed." This deep area of the Internet, or the Deep Web, is characterized by the unknown — unknown breadth, depth, content, and users

Opinion: The value of unmasking Tor's dark side (Christian Science Monitor Passcode) The identity shrouding Tor browser is a godsend for many people — including criminals — trying to avoid detection online. But using it doesn't erase everyone's digital footprints, giving researchers many clues for hunting down Tor's more nefarious users

Breaking Up, Breaking In? Sensitive Data and the Ex-Employee (IBM Security Intelligence) Relationships end. In some cases, it's a mutual decision; in others, one party decides things simply aren't working and decides it's time to part ways. Companies go through this time and time again with employees. But as noted by SecurityWeek, reporting on recent Centrify survey data, more than half of IT leaders believe it's easy for ex-employees to access sensitive data with old usernames and passwords. Breaking up is hard enough — how do companies ensure total separation?

The NYSE system crash was an infosec incident (Help Net Security) On Wednesday, July 8, a number of information systems suffered "glitches," causing speculation that the US may be under a coordinated cyber attack. In the morning, United Airline grounded more than a thousand flights due to computer issues; around noon, the New York Stock Exchange (NYSE) suspended trading due to a "technical issue;" shortly after, the Wall Street Journal's (WSJ) website went down; and during all this, the New York subway had train issues, and thousands of customers in D.C. lost power. It must be the Cyber Armageddon, right?

About LongTail (LongTail) LongTail is a program that analyzes ssh brute force attacks and statistically quantifies them based on IP addresses used, Accounts, passwords, AND account/password pairs, and (what nobody else is doing at the moment) analyzing attack patterns for commonality and number of times used

Searching Through the VirusTotal Database (Internet Storm Center) Now that my overview of Sysinternals tools with VirusTotal support is complete (Process Explorer, Autoruns and Sigcheck), let's address a couple of remarks I received (BTW, if I missed a Sysinternals tools, let me know with a comment)

Cloud security controls series: Multi-factor Authentication (Microsoft Cyber Trust Blog) Recently I wrote an article on the risk of leaked credentials in which I discussed how credentials are stolen in bulk directly from organizations' websites

Intelligence-Driven IAM: The Perfect Recipe (RSA Speaking of Security) Another day, another breach, right? It's almost like we've started to become desensitized to them. But, as a security professional, I want to implore upon you the importance of every single breach — no matter how large or small. They all can cause negative consequences — on the corporation whose share price plummets, or on the guy who sits in the cube next to you whose records were compromised

FDA and UL weigh in on security of medical devices, IoT (TechTarget) The security of medical devices is on the FDA's radar as IoT moves into healthcare and wearable health technology data flows to doctors' chart

Design and Innovation

Do Not Track 2.0 (Privacy Perspectives) Earlier this week, the World Wide Web Consortium (W3C) announced another major milestone in the standardization of Do Not Track. Most notably, the technical mechanism will soon be certified for widespread implementation

Research and Development

IARPA funds program to predict next wave of cyberattacks (Federal Times) To-date, cybersecurity has largely been reactionary — stopping infiltrators before they can do too much damage to a system. A new initiative from the Intelligence Advanced Research Projects Agency is trying to get ahead of the next attack by combining traditional security techniques with information culled from unconventional sources to block currently unknown threats

Academia

As cyber-risks abound, airline industry seeks Israeli help (Times of Israel) IATA, the largest international airline group, will work with Tel Aviv University to improve on- and off-line security for its members

So, you want a Masters Degree in cybersecurity? (CSO) A sampling of cybersecurity Masters Degree programs at Universities in the U.S

Cyber Innovation Center helps high school teachers develop a cyber strategy in lesson plans (Red River Radio) More than 100 high school teachers from seven states wrapped up a week-long workshop at the Shreveport Convention Center Friday

Legislation, Policy, and Regulation

Comments to the U.S. Department of Commerce on Implementation of 2013 Wassenaar Arrangement Plenary Agreements (New America) Access, the Center for Democracy & Technology, Collin Anderson, the Electronic Frontier Foundation, Human Rights Watch, and New America's Open Technology Institute respectfully submit these comments to the U.S. Department of Commerce in response to the Bureau of Industry and Security's Request for Comments on Wassenaar Arrangement 2013 Plenary Agreements Implementation

Concerns about the Department of Commerce's Proposed Export Rule under the Wassenaar Arrangement (Cisco Blogs) Today, Cisco filed comments on a Proposed Rule published by the Department of Commerce's Bureau of Industry and Security (BIS) in an effort to comply with an international agreement called the Wassenaar Arrangement. The proposal would regulate a wide array of technologies used in security research as controlled exports, in the same manner as if they were munitions. Cisco, along with many other stakeholders in the cybersecurity research field, has identified a number of significant concerns that we believe require BIS to revisit the text of the Proposed Rule

Langevin Letter Addresses Export Controls on Cybersecurity Software (Congressman Jim Langevin) Congressman Jim Langevin (D-RI), a senior member of the House Committee on Homeland Security and its Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, submitted public comments to the Bureau of Industry and Security (BIS) at the Department of Commerce in regard to the Wassenaar Arrangement on international export controls. The proposed rule, issued on May 20, would govern the export of "intrusion software," which was added to the list of controlled technologies by the Wassenaar Arrangement Plenary in 2013

OPM Changes Privacy Rules to Let Investigators Inside all Databases (Nextgov) The Office of Personnel Management has rewritten privacy regulations to let investigators probe all of its databases for breaches

U.S. vs. Hackers: Still Lopsided Despite Years of Warnings and a Recent Push (New York Times) In the month since a devastating computer systems breach at the Office of Personnel Management, digital Swat teams have been racing to plug the most glaring security holes in government computer networks and prevent another embarrassing theft of personal information, financial data and national security secrets

The OPM Cyber Blunder is America's Fault, not China's (War on the Rocks) America has been abuzz about the new revelations about OPM's incredible loss of personal data — it's being called a "hack," the "biggest cyberattack in U.S. history." Though the number of personnel compromised is said to reach 21.5 million, that total will increase exponentially due to the information about friends, family, and associates contained in each of those investigations. It is an incredible defeat for America

Shared services: A key part of a 21st century federal cyber strategy (Federal News Radio) The headlines have said it all: "OPM's archaic IT infrastructure opened door for massive data breach" and invited "the ultimate wake-up call." While Pearl Harbor and 9/11 analogies are strained, it cannot be denied that this stealth attack caught the government completely off-guard and flat-footed

The Challenges Facing Computer Security Incident Response Teams (Council on Foreign Relations) In mid-June, the German parliament scrambled to repel the worst cyberattack in its history. Meanwhile, 800 IT security experts and members of Computer Security Incident Response Teams (CSIRTs) from around the world met just a few blocks away at the annual meeting of the Forum for Incident Response and Security Teams (FIRST). Responding to attacks like the one against the Bundestag is at the core of a CSIRTs' daily tasks. As cybersecurity has become a core strategic interest for companies and governments alike, there is a growing need to safeguard CSIRTs' operational independence from other political objectives and strengthen them as a neutral pillar of global cybersecurity

Silicon Valley wary of U.S. push for cyber security info sharing (Network World) The Obama administration negotiated an historic nuclear deal with Iran and reached an agreement to normalize relations with Cuba. Now comes the hard part — winning over Silicon Valley when it comes to sharing cyber security information

Army's Electronic Warfare Cupboard Is Bare: No Jammer Until 2023 (Breaking Defense) The US Army is struggling to fund the increasingly crucial capabilities it fields for electronic warfare, which it largely abandoned after the Soviet Union fell. The Army has over 32,000 short-range defensive jammers to stop roadside bombs, but on current plans, it won't have an offensive jammer until 2023

Israel and U.S. Will Cooperate on Cybersecurity (Forward) The U.S. deputy secretary of Homeland Security and the top Israeli official handling cybersecurity cosigned a statement committing to U.S-Israel cooperation in the area

#HackedTeam & Colombia: How Surveillance Helps a Violent State (teleSUR) A series of 2013 emails discuss a US$60M deal with Colombia's directorate of police intelligence (DIPOL)

Litigation, Investigation, and Law Enforcement

How to Stop the Next Domestic Terrorist (Time) The former director of intelligence analysis for the NYPD explains how to detect and disrupt jihadist plots

Hack on Hacking Team Raises Concerns (Legaltech News) Hacking Team may have violated the EU sanctions regime on Sudan and Russia

Homeland Security Leaders Bent Rules on Private E-Mail (BloombergReview) Jeh Johnson, the secretary of homeland security, and 28 of his senior staffers have been using private Web-based e-mail from their work computers for over a year, a practice criticized by cybersecurity experts and advocates of government transparency

Verizon faces steady stream of requests for customer data (C|NET) Even though it's received nearly 150,000 government data requests so far this year, Verizon says the overall percent of its customers affected remains small

Effectively Navigating the Three Phases of Forensic Production of Data (Legaltech News) Forensic analysis goes beyond what a document review will uncover

Text and Social Media More Common in E-Discovery Production (Legaltech News) Gibson and Dunn report shows that forms of communication that were once personal are more commonly a concern for litigation-conscious enterprises

E-Discovery a 'Stain' on the Legal System (Legaltech News) Logikcull CEO Andy Wilson says it's time to end e-discovery in the form it exists today

Hackers Gain Access to Extramarital Dating Databases (Legaltech News) Few things in life are as private as our romantic entanglements. So with hackers announcing they've made off with as many as 37 million records from the parent company of extramarital dating site AshleyMadison.com, you can be sure there are plenty of people sweating over the potential fallout…If hackers are successful in leaking Avid Life Media user information, legal action stemming from the breach is inevitable. That's likely to include not only the standard class action against the breach victims, but probably an uptick in divorce filings as well

Neiman Marcus Customer Card Data Breach Suit Given New Life (BloombergBusiness) Neiman Marcus Group LLC must face a proposed class action in which the high-end retailer is accused of failing to protect customers from computer hackers who stole credit and debit card information, an appeals court ruled, saying a judge decided too soon that the victims didn't have a case

US should hang Edward Snowden, says former spy panel senator (The Hill) The U.S. should publicly hang leaker Edward Snowden if and when he falls into the government's hands, according to the former top Republican on the Senate Intelligence Committee

Opelousas hacker held wihout bond, allegedly controlled thousands of computers (KATC) The Opelousas man, Rory Guidry, arrested last week for his alleged part in a nationwide cybercrime ring will remain behind bars without bond, pending a mental health evaluation, a Lafayette federal judge ruled today

Burglary suspect accidentally takes his own iPhone selfie video (Naked Security) Here's how his acting career began: First, he slipped in through an unlocked side door early on a Saturday morning

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, September 29 - October 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols

First International Conference on Anti-Cybercrime (ICACC-2015) (Riyadh, Saudi Arabia, November 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will...

Upcoming Events

TakeDownCon Rocket City (Huntsville, Alabama, USA, July 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...

The APTs are coming (New York, New York, USA, July 21, 2015) With cyberespionage and Advanced Persistent Threats (APTs) on the rise, it's important to understand today's threat landscape-and the ways you can keep your company safe. Join LIFARS, Kaspersky Lab, Cyphort,...

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...

CyberMontgomery 2015 (Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...

Career Discovery in Cyber Security: A Women's Symposium (New York, New York, USA, July 30, 2015) Our annual conference brings together some of the best minds in the industry, with the goal of guiding women with a talent and interest in cyber security into top-flight careers

PragueCrunch IV: The Enpraguening (Prague, Czech Republic, July 31, 2015) Here it comes, Central Europe: PragueCrunch IV! This annual celebration of all things startup is coming to your town on Friday, July 31, 2015 from 7:00 PM to 11:00 PM (CEST). We'll be holding the event...

Black Hat USA (Las Vegas, Nevada, USA, August 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners...

ISSA CISO Forum: Third Party Oversight (Las Vegas, Nevada, USA, August 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by...

BSides Las Vegas (Las Vegas, Nevada, USA, August 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is...

Defcon 23 (Las Vegas, Nevada, USA, August 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information

USENIX Security (Washington, D.C., USA, August 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and others specialists interested in the latest advances in the security and privacy of computer...

5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, August 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring...

Decepticon 2015 (Cambridge, England, UK, August 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines,...

AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, August 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker...

Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...

2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics

ICFP 2015 (Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.