skip navigation

More signal. Less noise.

Daily briefing.

As police in Italy and elsewhere round up terror suspects whose online activity contributes evidence of intent, many speculate about how to counter the online operations of groups like ISIS. Some call for social media self-regulation, others for "positive" counter-narratives, still others for ways of subverting encryption. (This last approach continues to be a matter of fierce policy, if not technical, debate. The Washington Post makes the case for "golden keys;" Motherboard and BoingBoing push back hard.) The problem is this: inspiration is harder to combat than direction. The wolves may be lone, but they hear the pack howling on the Internet.

The story of Jeep-hacking on Missouri roads has wheels: it spurs legislation, consideration of responsibility for automotive security, calls for in-car network segregation, and hopes for new DCMA exemptions. (Also concerns about where and when researchers demonstrate hacks.)

This week's cyber story stocks include Palo Alto Networks, Check Point, and Fortinet; the sector's incipient unicorn is Darktrace. An online but non-cyber business having a bad week is AshleyMadison's corporate parent, whose recent breach appears to have killed its plans for an IPO.

WordPress and Oracle patch.

Canada announces plans to increase cyber spending.

The US decision not to formally attribute the OPM hack to China is seen as evidence of American intention to distinguish traditional intelligence operations from criminal hacking. China is newly suspected of a watering hole attack against the (international) Permanent Court of Arbitration.

Snowden would like to return to the US (on his own terms).

Notes.

Today's issue includes events affecting Canada, China, France, Germany, Indonesia, Iraq, Israel, Italy, Kenya, Democratic Peoples Republic of Korea, Mexico, New Zealand, Nigeria, Pakistan, Syria, Tunisia, United Arab Emirates, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

ISIS-Inspired Suspects Wanted to Attack Italian Base With U.S. Military Presence (Time) The two men were making plans to travel to ISIS territory for military training

FBI Says Islamic State Bigger Threat Than Al-Qaeda Now (Radio Free Europe/Radio Liberty) The Islamic State's efforts to inspire "troubled souls" to violence has become more of a terror threat than an external attack by Al-Qaeda, the FBI director said on July 22

House Homeland chair: 'War is being brought to our doorsteps' (The Hill) The head of the House Homeland Security Committee on Wednesday accused President Obama of losing the battle against Islamic extremism and pushed for a dramatically increased U.S. role

Why Lone Wolf Attacks Are So Hard To Predict (Defense One) Events like the shootings in Tennessee show the possibilities and limitations of predictive analytics

Revealed: How to Wage War Against the Islamic State Online (National Interest) The media frenzy surrounding the rise of the Islamic State (IS) focuses heavily on the United States' military strategy. But since IS' influence transcends the battlefields of Iraq and Syria, it is equally important that the United States develop a coherent strategy to counter the group's social media reach. The twenty-four-hour news cycle and the Internet plaster IS' horrific beheading videos everywhere. President Obama's July 6 speech at the Pentagon on his strategy to combat IS, as one example, enjoyed only a fraction of the media coverage IS beheadings have received

Twitter and YouTube must self-regulate on terrorism (National) Nairobi's Westgate mall reopened on the Eid Al Fitr weekend, 22 months after it was attacked by a terrorist group that had live-tweeted the bloodshed and the drama of those four harrowing days in September 2013

China Suspected in Hack Attack on Peace Palace; Law Firms Vulnerable (American Lawyer) When President Obama invited China to join the international law community, this is not what he had in mind

Cyber War: Sex, Fingerprints and Spear-Phishing (Voice of America) Anyone working for the U.S. government who had a secret — financial, sexual, criminal or otherwise — well, it's no longer secret

China Is Building a Database On Americans Using Its Domestic Spy Program (Epoch Times) According to experts, the Chinese regime is building a database on Americans, using data stolen through numerous cyberattacks and, to some degree, inside spies

Duke APT group's latest tools: cloud services and Linux support (F-Secure) Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group

Hacking Team's RCS Android: The most sophisticated Android malware ever exposed (Help Net Security) As each day passes and researchers find more and more source code in the huge Hacking Team data dump, it becomes more clear what the company's customers could do with the spyware, and what capabilities other organized and commercial malware authors will soon be equipping their malicious wares with

Hacking Team, le plus français des pirates italiens (Intelligence Online) L'éditeur de logiciels-espions a multiplié les partenariats en France

Hacking Team may not have had a backdoor, but it could kill client installs (Ars Technica) Spyware vendor is also sad that no one in the media sees it as the real victim

Security tool bod's hell: People think I wrote code for Hacking Team! (Register) Now he wishes there was an anti-snoop clause in the GPL

A tale of Pirpi, Scanbox & CVE-2015-3113 (PWC) In the past year, PwC has notified the public about developments relating to the ScanBox reconnaissance framework on several occasions. There has recently been public reporting which relates to possible deployment of malware via ScanBox for the first time. While the report references activity related to a zero-day exploit against Adobe Flash (CVE-2015-3113), it does not detail the delivery mechanism used for this zero-day, which in fact uses ScanBox as part of the process

OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability (SektionEins) With the release of OS X 10.10 Apple added some new features to the dynamic linker dyld. One of these features is the new environment variable DYLD_PRINT_TO_FILE that enables error logging to an arbitrary file

Bartalex Variants Spotted Dropping Pony, Dyre Malware (Threatpost) Some strains of Bartalex malware, a macro-based malware that first surfaced earlier this year, have recently been spotted dropping Pony loader malware and the Dyre banking Trojan

Modern APTs start at your corporate website (CSO) There hasn't been a day in recent months when the term "Advanced Persistence Threat" wasn't making headlines in the media. According to ISACA APT Awareness Study, 93.6 per cent of respondents consider APTs to be a "very serious threat" for their companies

Is Java the Biggest Vulnerability on your PC? A data-driven answer (Heimdal) Oracle's Java had been dethroned by Adobe's Flash in 2014 in terms of Zero Day vulnerabilities and, for a while, it seemed like Java 8 was really capable of standing up to exploits and attacks

Some more 0-days from ZDI (Internet Storm Center) For those of us that are in patching world the last few weeks has not been fun. It seemed like there was a new critical issue almost every other day and almost certainly just after you finished the previous round of patching. I guess that is what happens when a hacking firm is breached

Nigerian scammers buy exploit kits to defraud Asian businesses (ICG via CSO) Deeper reconnaissance of infiltrated accounts can lead to big thefts

Spike in ATM Skimming in Mexico? (KrebsOnSecurity) Several sources in the financial industry say they are seeing a spike in fraud on customer cards used at ATMs in Mexico. The reason behind that apparent increase hopefully will be fodder for another story. In this post, we'll take a closer look at a pair of ATM skimming devices that were found this month attached to a cash machine in Puerto Vallarta — a popular tourist destination on Mexico's Pacific coast

'Truly alarming' number of councils still on XP (CRN) CRN research finds almost a third of local councils are still running XP — months after extended support expired

Automakers rush to add wireless features, leaving cars open to hackers (Stuff) The complaints that flooded into Texas Auto Centre that maddening, mystifying week were all pretty much the same: Customers' cars had gone haywire. Horns started honking in the middle of the night, angering neighbors, waking babies. Then when morning finally came, the cars refused to start

Wired's highway Jeep-hacking stunt was an amazing story, but a terrible idea (Wired) Wired published a blockbuster story Tuesday about security researchers remotely hacking a Jeep Cherokee driven by reporter Andy Greenberg

Jeep hack raises questions about responsibility for security (ComputerWeekly) The hack of a Jeep raises the question whether users or car manufacturers should be responsible for protecting against cyber attackers

Here's what your stolen identity goes for on the internet's black market (Quartz) The going rate for a stolen identity is about twenty bucks

Security Patches, Mitigations, and Software Updates

WordPress 4.2.3 Security and Maintenance Release (WordPress.org) WordPress 4.2.3 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately

Google helps Adobe improve Flash security (Help Net Security) Adobe has been dealt a heavy blow after the Hacking Team data dump produced three Flash Player zero-day exploits and they begun being exploited in the wild

Oracle publishes 193 new vulnerabilities in July 2015 CPU (Onapsis Blog) As a company, Onapsis is focused on the security of business-critical applications such as SAP and Oracle. While our focus is on SAP applications, we have been doing research on Oracle business applications as well, identifying and reporting critical vulnerabilities. In this sense, Oracle is different from SAP, specifically with the way and timing that security patches are released and available to end users

The end is near for OS X Mountain Lion support (Computerworld) Apple will likely stop serving security updates for the 2012 OS in September

Apple Criticised for Not Patching OS X Yosemite Zero-Day Vulnerability (Intego) A German security researcher, Stefan Esser, has published details of a zero-day vulnerability in OS X that could allow a malicious hacker to escalate their privileges, opening opportunities for them to hijack complete control of innocent users' Macs

Cyber Trends

Ashley Madison breach a painful reminder of online data's permanence (Christian Science Monitor Passcode) The apparent perpetrator behind the Ashley Madison leak claimed the attack was over the company's treatment of sensitive user data. But experts say that data shared with Web companies rarely ever goes away

Information security governance practices are maturing (Help Net Security) Information security governance practices are maturing according to Gartner's annual end-user survey for privacy, IT risk management, information security, business continuity or regulatory compliance

Small Biz Fears the Cyber Attack — and for Good Reason (PYMNTS) Small businesses are among the most skeptical of adopting cloud technology to manage their finances. Recent research from Software Advice found that most SMEs prefer in-house payroll systems, for example, for fear that crucial financial details and employee information will be stolen if payroll is moved to the cloud

Caught on the defensive: why the financial sector needs to reevaluate its approach to cyber risk (Banking Technology) Contrary to popular belief, the financial sector is now far more aware and better prepared for cyber attacks. The Bank of England's Financial Stability Report, issued 1 July, states that threat awareness has grown exponentially and the sector is leading efforts to combat cybercrime. Perhaps this isn't surprising given 90% of large businesses across the sector had suffered a malicious attack over the past year. But what is worrying is that the financial sector is falling into a familiar trap: by focusing so much on defence, it has failed to make provisions for an effective recovery

Why Healthcare Security Matters (SecurityWeek) Does it really matter if someone steals your healthcare records? What would a hacker do with that information? Sell it? To whom and for what purpose?

Marketplace

Worried About a Cyber-Apocalypse? AIG Wants to Sell You a Policy (Bloomberg Business) A three-hour shutdown of the New York Stock Exchange on the same day that a network failure halted all United Airlines flights in the U.S. had people across the country thinking one thing: cyber-attack

4 common but dangerous cyber threats and steps to address them (Property Casualty 360) Increased access to the technical tools needed to launch cyber attacks, minimal risk of apprehension and lucrative payouts have created a perverse incentive for criminals to embrace crimes that are cyber-enabled or cyber-dependent

How to Play CyberSecurity Stocks Without Getting Burned (InvestorPlace) Focusing on cash is key to play it safe in CyberSecurity stocks

Fortinet, Inc. (FTNT — $42.30*) Delivers Eye-Popping June Quarter; Raises FY15 Billings Outlook (FBR Blue Matrix) Last night, Fortinet delivered eye-popping June quarter results as the company handily beat the Street on the top line, bottom line, and billings fronts with major strength from the enterprise, and on the heels of a string of robust quarterly performances, with the company showing no signs of slowing its increasing product/service proliferation in the fast-growing next-generation cybersecurity arena

Fortinet +9.9% on Q2 beat, billings, guidance; FEYE, PANW, CYBR also up (Seeking Alpha) Fortinet (NASDAQ:FTNT) has followed up on its Q2 beat by guiding in its earnings slides (.pdf) for 2015 revenue of $1B-$1.01B and EPS of $0.51-$0.52. The latter (pressured by heavy spending) is only in-line with a $0.51 consensus, but the former is soundly above a $943M consensus

Fortinet Execs Take Shots At Competition As Q2 Sales Jump More Than 30 Percent (CRN) With a strong second quarter under their belts, top Fortinet execs didn't mince words when it came to their confidence about the network security vendor's ability to continue taking market share from its legacy competitors down the road

Check Point Software Technologies (CHKP — $78.74*) Company Update (FBR Blue Matrix) This morning, Check Point (CHKP) delivered another solid quarter, with June headline results beating the Street on both the top and bottom lines on the heels of accelerating deferred revenue growth

Check Point profit jumps on strong demand for cyber security (Reuters) Network security provider Check Point Software Technologies (CHKP.O) is benefiting from strong global demand for threat-prevention and mobile-security products, it said on Wednesday as it reported better-than-expected quarterly profit

Analyst Report: Palo Alto Networks To Triple Market Share By 2024 (CRN) Palo Alto Networks has been on a strong growth trajectory in the security market, but how far will it rise? A recent report by JPMorgan predicted the company would more than triple its market share by 2024

Why a 23-month-old UK cyber security startup is worth more than $100 million (Business Insider) Darktrace, a cyber security company spun out of a piece of Cambridge University maths research, just got valued at over $100 million (£64 million) in its latest funding round

Ashley Madison London IPO unlikely after hackers threaten to expose 37m adulterers (Techworld via CSO) Hackers are threatening to expose nude photos and personal details on Ashley Madison's users

Target opens cybersecurity center to fight online threats (FierceRetailIT) Target (NYSE:TGT) recently opened a state of the art Cyber Fusion Center to protect customer data from online threats. It is part of the $1 billion investment the retailer is making in technology and supply chain this year

Skills Gaps Hamper Firms' Cyber-Defenses (Infosecurity Magazine) IT leaders can't find enough capable security professionals to cope with the rapidly growing volume and sophistication of modern cyber-threats, despite employing more infosecurity pros today than they ever have, according to new research

Why the perception of a security talent shortage is really a leadership opportunity (CSO) Reframe the discussions about the lack of qualified security professionals to reveal the real opportunity for leaders to develop the people around them

A 'cyber capital' sprouts from Israel's desert (EnergyWire) Construction cranes swing lazily outside Yaron Wolfsthal's office in the Ben-Gurion University of the Negev. A string of new buildings on a nearby hilltop shimmer through the midafternoon heat

Products, Services, and Solutions

Windows 10 Will Use Virtualization For Extra Security (InformationWeek) Microsoft explores new security strategies based on virtualization to better protect enterprise customers from malware and identity theft

Microsoft to make enterprise security tools generally available (IDG via PCWorld) Microsoft will be making two services generally available as part of the company's push to improve the security of businesses' data

Tenable Network Security Unveils Verizon 2015 Data Breach Report Dashboards for SecurityCenter Continuous View (BusinessWire) Comprehensive dashboards help Tenable customers use Verizon DBIR insights to strengthen networks against cyber threats

Researchers Enlist Machine Learning In Malware Detection (Dark Reading) No sandbox required for schooling software to speedily spot malware, researchers will demonstrate at Black Hat USA

Cylance and Raytheon|Websense Partner on Next-Generation Malware Protection (MarketWatch) Cylance, the first predictive cyber security company that applies artificial intelligence to stop malware, and Raytheon|Websense, a leader in cyber products for commercial and government customers, today announced a partnership that extends Cylance's next-generation security technology to Raytheon|Websense customers

Fortscale Enhances Insider Threat Offering (Dark Reading) Operational workflow integration, enhanced behavior analytics and rapid response toolbox among new features in Version 1.4 that cuts response time by up to 30 percent

Cavium Unveils 100 Gbps NITROX® V Security Processor Family (Cavium) Integrates up to 288 purpose-built security cores

G DATA INTERNET SECURITY erhält Auszeichnung für besten Banking-Schutz (PresseBox) Sicherheitslösung schützt Anwender umfassend und ohne das Nutzerverhalten zu beeinträchtigen

Cybersecurity Challenges For The IoT (CloudTweaks) The traditional approach to cybersecurity is to assume trust and then take steps to manage what isn't trusted. But as the concept of an industrial Internet of Things (IIoT) gains momentum, one of the primary challenges facing businesses is safeguarding connections between information technology (IT) and operational technology (OT)

Accuvant and FishNet Security Experts to Demonstrate Unique Burp Suite Plugin and RFID Skimmer, Talk Black Hat Network Infrastructure at Black Hat USA 2015 (BusinessWire) Accuvant and FishNet Security, which recently merged to create the nation's premier cyber security solutions provider, today announced that several security experts from the company will speak at Black Hat USA 2015. Presentations will include demonstrations of a new Burp Suite plugin and an open-source RFID skimmer

NSFOCUS Threat Response Team Immediately Blocks Potential Vulnerabilities Caused by Hacking Team Breach (PRNewswire) Emergency analysis by researchers identifies threats for customers, provides in-depth assessment and solution

Technologies, Techniques, and Standards

Top obstacles to EMV readiness (Help Net Security) By October 1, 2015, the majority of U.S. businesses must transition to EMV-capable technologies or become newly liable for any costs incurred from fraud using old magnetic strip technologies

Securing SAP Systems from XSS vulnerabilities Part 4: Defense for SAP HANA XS (ERPScan) Today's post is the last in the series of articles about XSS vulnerabilities in SAP systems. The previous parts describe how to prevent XSS in SAP NetWeaver ABAP and SAP NetWeaver J2EE

Measuring the Quality of Commercial Threat Intelligence (Network World) One person's quality is another person's fluff so objective measurements will be difficult. Threat intelligence quality may ultimately be gauged through crowdsourcing and threat intelligence sharing

A handy cheat sheet for North Korea's private "Internet" (Ars Technica) In the DPRK, they surf the Web by IP address, not DNS lookup

They Came From Outer Space: What Sci-Fi Movies Can Teach Us About IAM Security (IBM Security Intelligence) I gained some new insights into identity and access management (IAM) recently when I watched a 1950s science fiction movie titled "They Came from Outer Space." The plot involved aliens disguising themselves as humans in order to move about freely and accomplish their mission (repairing their crashed spaceship). Initially, the impostors are undetected, but the real humans soon realize something is amiss. The aliens' appearance is foolproof, so what tips off the humans that they aren't what they seem?

Academia

University of Waikato cyber security expert to be honoured (SecurityWatch) The head of the Cyber Security Researchers of Waikato is being honoured for his work in the cyber security field

Legislation, Policy, and Regulation

Steven Blaney announces new funding for cyber security (CBC) Cyber security keeps Canada's top CEOs 'awake at night'

How the US Is Trying to Shape Norms in Cyberspace (The Diplomat) Washington appears to be serious about upholding the distinction between commercial versus traditional cyber espionage

Hack Me Twice, Shame On Me (Lexington Institute) It is almost becoming tedious; every week or two another major U.S. institution, government department or major corporation is hacked. In the last two years, successful hacks of Premera Blue Cross, Anthem, Target, Home Depot, J.P. Morgan, EBay and Sony Pictures saw the personal, medical or financial data in some 550 million accounts compromised. Forbes reported that a hacking ring managed to steal over $1 billion from some 100 banks around the world. Government offices and departments that have been hacked include the White House, Department of Defense, Department of State, USPS and NOAA. The Pentagon's cyber defenses are tested 250,000 times an hour

Senators Want Homeland Security To Be a Leading Cyber Defense Agency (Defense One) After the hack on the Office of Personnel Management, a bipartisan group of lawmakers believes it's time to grant DHS power over government networks

Software industry urges action on Senate cyber bill (The Hill) A major tech industry group is pressing Senate leaders to take up stalled cybersecurity legislation before Congress leaves town for the August recess

Opinion: Why the information sharing bill is anti-cybersecurity (Christian Science Monitor Passcode) Supporters of the Cybersecurity Information Sharing Act says it's an essential tool for Washington and industry to exchange threat intelligence. But in reality, it would give the government carte blanche to collect and store more data on Americans, putting everyone's information at greater risk

US Senate Bill to Stop Smart Cars from Being Hacked (Hot for Security) The world's first automotive cyber-security law may force automakers to deliver software updates and stop vehicle tracking as part of new IT security standards regarding connected cars in the US

Terrorist Plot 72: Congress Needs to Address Rising Islamist Terrorism at Home (Heritage Foundation) On July 4, while most Americans were celebrating with friends and family, law enforcement officers were arresting Alexander Ciccolo for taking possession of firearms in order to carry out a terrorist attack

Putting the digital keys to unlock data out of reach of authorities (Washington Post) A contentious debate about encryption of data on smartphones and elsewhere has become even more intense in recent weeks. A collision is unfolding between law enforcement devoted to fighting crime and terrorism and advocates of privacy and secure communications. In these chaotic digital times, both are vital to the national interest, and it is imperative that experts invest serious time and resources into finding ways to reconcile the conflict

A 'Golden Key' for Encryption Is Mythical Nonsense (Motherboard) Last year, the Washington Post editorial board called for tech companies to create a "golden key" that would decrypt otherwise secure user communications for law enforcement. Apple, Google, Facebook, and others ignored the editorial, coming out with end-to-end encryption for iMessage and Facetime, end-to-end encryption for Gmail, and PGP for Facebook notification emails. Now, the Washington Post is doubling down on its call for a "golden key"

Once again: Crypto backdoors are an insane, dangerous idea (BoingBoing) The Washington Post editorial board lost its mind and called on the National Academy of Sciences to examine "the conflict" over whether crypto backdoors can be made safe: the problem is, there's no conflict

What happened at yesterday's Congressional hearings on banning crypto? (BoingBoing) Cryptographers and security experts gathered on the Hill yesterday to tell Congress how stupid it was to ban crypto in order to make it easier to spy on "bad guys"

Keeping The State Of Oklahoma Secure Against A Cyber Attack (Oklahoma's Own News9) Data breaches are common occurrences these days — hardly a month goes by that we don't hear about a major corporation or a federal government agency being victimized by hackers

Litigation, Investigation, and Law Enforcement

EFF Hopeful Car Hacking Demo Could Help Yield DMCA Exemption (Threatpost) The latest car hacking research from Charlie Miller and Chris Valasek has elicited a broad spectrum of reactions: admiration for the skill; outrage at the danger the demo may have put drivers; and even a patch from an automaker. And the EFF is hoping it might also help produce a new exemption to the Digital Millennium Copyright Act, the bane of many security researchers

Plaintiffs Win Victory Regarding Neiman Marcus Data Breach (Legaltech News) The ruling addresses the argument that customers impacted by the data breach are likely to be injured even though they did not experience identity theft or other kinds of fraud

UCLA Health patient files lawsuit for recent cyber attack (Daily Bruin) A UCLA Health patient filed a class action suit against the health care provider Monday for inadequately storing personal and medical information

Mobile Discovery, Confidence in E-Discovery Skills Rising Among Government Professionals (Legaltech News) Deloitte's study of e-discovery in government agencies analyzes the rise of predictive coding, trepidation in discussing e-discovery with opposing counsel, and more

International investigation of worldwide hackers' marketplace is rife with Pittsburgh ties (Pittsburgh City Paper) "Pittsburgh is a mecca for cyber-law enforcement"

Former Marine Charged With Stealing Fellow Marines' Identities (FARS News Agency via Military.com) A former United States Marine from Calumet City stole the identities of several fellow Marines and used their information to illegally procure more than $138,000 from Navy Federal Credit Union, according to an indictment returned this week in federal court in Chicago

Paramus man arrested for allegedly cyber stalking Rutherford family (NorthJersey.com) A Paramus man has been arrested for cyber stalking and stalking after allegedly sending out offensive communications to three members of a Rutherford family, police said

Man becomes first to be convicted under UK's new revenge porn law (Naked Security) A UK law banning the distribution of non-consensual porn images or videos went into effect on 13 April of this year

NSA leaker Edward Snowden seeks return to U.S., on his terms (Los Angeles Times) Somewhere in the thousands of towering apartment blocks that ring the Russian capital, whistle-blower Edward Snowden remains in hiding two years after outraging U.S. intelligence agencies with revelations of their snooping into the private communications of millions of ordinary citizens

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Women in Cyber Security 2016 (Dallas, Texas, USA, March 31 - April 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional...

Upcoming Events

CyberMontgomery 2015 (Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...

Career Discovery in Cyber Security: A Women's Symposium (New York, New York, USA, July 30, 2015) Our annual conference brings together some of the best minds in the industry, with the goal of guiding women with a talent and interest in cyber security into top-flight careers

PragueCrunch IV: The Enpraguening (Prague, Czech Republic, July 31, 2015) Here it comes, Central Europe: PragueCrunch IV! This annual celebration of all things startup is coming to your town on Friday, July 31, 2015 from 7:00 PM to 11:00 PM (CEST). We'll be holding the event...

Black Hat USA (Las Vegas, Nevada, USA, August 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners...

ISSA CISO Forum: Third Party Oversight (Las Vegas, Nevada, USA, August 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by...

BSides Las Vegas (Las Vegas, Nevada, USA, August 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is...

Defcon 23 (Las Vegas, Nevada, USA, August 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information

USENIX Security (Washington, D.C., USA, August 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and others specialists interested in the latest advances in the security and privacy of computer...

5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, August 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring...

Decepticon 2015 (Cambridge, England, UK, August 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines,...

AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, August 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker...

Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...

2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics

ICFP 2015 (Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.