skip navigation

More signal. Less noise.

Daily briefing.

Anonymous claims to have breached the US Census Bureau, releasing US Government officials' personal information. (Not all affected officials are from the Census Bureau.) Opposition to the Trans-Pacific Partnership Agreement (TPP) and Transatlantic Trade and Investment Partnership (TTIP) motivated the hack, Anonymous tells HackRead. The collective's self-described representative also says getting in (by SQL injection) was "a piece of cake," and that this will "hurt a lot of people."

HP's TippingPoint announces four execution-code vulnerabilities it found affecting smartphones using Microsoft's Internet Explorer. TippingPoint disclosed these privately to Microsoft some months ago; their self-imposed embargo on public discussion expired over the past weekend. The bugs remain unpatched. Microsoft says it's monitoring the situation, and has observed no attacks in the wild.

More malicious apps are found in the Google Play Store.

As the US OPM restores access to its e-QUIP system (noting security enhancements and testing) bills to extend breach victims' support advance in Congress. Observers say (Fox News breathlessly reports) that the incident is much bigger than generally appreciated, and that its effects aren't fully contained. More calls for deterrence appear, some of which recognize the complex relationship between combat and intelligence collection. The inevitable scams persist: the Federal Trade Commission wants you to know they're not calling you about OPM; OPM warns against continued phishing.

In industry news, public and private cyber companies attract investors. Raytheon, unlike other big defense integrators, seems committed to the commercial cyber market.

Patching, vital to security, must, SANS warns, be done deliberately.

Notes.

Today's issue includes events affecting China, France, Israel, Pakistan, Russia, United States.

Cyber Attacks, Threats, and Vulnerabilities

Anonymous Hacks U.S. Census Bureau, Leaks Officials' Personal Data Against TPP/TTIP (HackRead) Remember the Anonymous hackers behind the massive World Trade Center (WTC) leak? Well, he's back with another breach and this time their target was the U.S. Census Bureau against TTIP/TPP

Fully patched Internet Explorer for smartphones menaced by whopping 4 code-execution bugs (Updated) (Ars Technica) Exploit details published six months after they were privately reported to MS

Trojan Porn-Clicker Infests Android Apps for Hundreds of Thousands of Downloads (IT Security Guru) A fake Dubsmash application, which is actually a porn clicker Trojan, has been uploaded to the Google Play Store — again

What Do You Mean Minecraft 3 Isn't Real? Fake Sequels Have Infected Thousands of Android Devices (CyberShack) Non-existent sequels to popular applications have infected as many as 100,000 Android smartphones with what's known as a "Porn Clicker Trojan"

OpenSSH bug enables attackers to brute-force their way into poorly configured servers (Help Net Security) A vulnerability in the popular secure remote access software OpenSSH can be exploited by attackers to try to brute-force their way into the connection and access Internet-facing computers and/or servers

Bug in OS X Yosemite allows attackers to gain root access (Help Net Security) Security researcher Stefan Esser has revealed the existence of a privilege escalation vulnerability affecting OS X 10.10 (Yosemite), and has provided a working proof of concept local exploit that installs a root shell on the target machine

Another Day, Another Patch (Team Cymru) FreeBSD users were treated this week to an interesting new denial of service attack vector. All supported versions of the OS are affected by the bug, which has now been patched. Junos OS, which is based on FreeBSD, is also affected. If you're a FreeBSD admin and you haven't patched, feel free to disappear now and do so. Don't worry, we'll be here when you're done

EXCLUSIVE: Entire US national security system possibly compromised by year-long cyber-assault (Fox News) The prolonged hacking into the White House Office of Personnel Management, which put the personal information of at least some 21.5 million past and current federal employees in jeopardy, is only the beginning of the security threat to the Obama Administration and its successors

It's NOT the FTC calling about the OPM breach (FTC) If you're an OPM data breach victim, you probably know to look out for identity theft. But what about imposter scams? In the latest twist, imposters are pretending to be the FTC offering money to OPM data breach victims

Important message concerning Email Scams (USAJobs (Office of Personnel Management)) Please be advised that the USAJOBS system is not sending out email notifications asking users to revalidate account login information such as Username and Password; by clicking a link within the email. Do not click on any links in the email. This is a phishing attempt to capture the USAJOBS user's login information. Any emails received on that subject should be deleted immediately

What You Need To Know About Ransomware and Exploit Kits (Cyveillance) After a brief lull, ransomware infections appear to be on the rise again. In June, there was a spike in Crypt-based infections, and security experts estimate one million systems have already been compromised

Catch Me If You Can: How APT Actors Are Moving Through Your Environment Unnoticed (TrendMicro: Simply Security) Companies that have experienced data breaches often wonder the same thing — "How were the hackers able to move through my environment for that long without being detected?" The average amount of dwell time during a data breach is 205 days, according to a report by Mandiant. Behind each breach there are one, or more, actors driving the campaign, and catching that person is becoming increasingly more difficult

Chris Valasek on Car Hacking (Threatpost) Dennis Fisher talks with Chris Valasek of IOActive about the new research he did with Charlie Miller on remotely hacking a Jeep, how the disclosure process worked, what auto makers can do to secure their vehicles' on-board systems, and how much of a threat these attacks pose to drivers

'We're the victims!' — Hacking Team comes out fighting (Computing) Hacking Team, the security software company that provided governments worldwide with covert hacking and surveillance tools, has come out fighting in a statement defending the company

Donald Trump's Wikipedia page deleted by vandals twice in one day (Naked Security) Donald Trump is hard to ignore, but could he perhaps be erased?

Security Patches, Mitigations, and Software Updates

Cisco Releases Security Updates (US-CERT) Cisco has released security updates to address vulnerabilities in its Application Policy Infrastructure Controller, IOS software, and the Unified MeetingPlace Conferencing products. Exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access, cause a denial-of-service condition, or take control of the affected application

Several Critical Flaws Patched in Drupal Module (Threatpost) There are several critical vulnerabilities in a middleware layer used in Drupal, including both cross-site scripting and cross-site request forgery bugs, that can be exploited remotely

WordPress Patches Critical XSS Vulnerability in All Builds (Threatpost) WordPress rolled out a new version of its content management system this morning that addresses a nasty cross-site scripting (XSS) vulnerability that could ultimately lead to site compromise

Cyber Trends

Too Much Innovation: The Cyber Challenge (Lifehacker) "Electronic warfare is the same as cyber. If you put it crudely, you basically shoot pulses at a system to take it out. In cyber, you shoot bits at the system to take it out". Peshin told us the cyber security market is very busy with a huge number of start ups and established companies pushing their cyber credentials. However, such a vibrant market has created a massive challenge for companies

Have Our Security Rock Stars Failed Us? (SecurityWeek) In almost any endeavor, success usually comes with additional responsibility. For example, a promotion into a management or executive position comes with the additional responsibilities associated with that position

Cyber-security in the Connected Car Age (The C-Suite) IHS Automotive has been tracking the growing threat of car hacking as connected cars become the norm

Marketplace

Global managed security services market to reach $29.9 billion by 2020 (Help Net Security) The global managed security services market is expected to reach $29.9billion by 2020, registering a CAGR of 15.8% during 2014-2020, according to Allied Market Research

The Chief Risk Officer: When a Triangle Becomes a Square (Willis Wire) The traditional shape for the apex of a pyramid is a triangle, right? Translate that into an organogram for any large organisation and you can be sure that the three corners will be occupied respectively by the Chief Executive, the Chief Financial Officer and the Chairman

Do CISOs deserve a seat at the leadership table? (Help Net Security) A ThreatTrack security survey of C-level executives at U.S. enterprises employing a CISO found that despite a rash of high-profile data breaches in the last year, many in the C-suite still fail to fully appreciate their CISO's contributions and view them primarily as scapegoats in the event of a data breach

Cybersecurity Is a Huge Risk; Fortinet Is Capitalizing on It (The Street) Last year saw a record number of cybersecurity attacks, with hackers stealing emails, financial data and personal information from firms including Target (TGT), Sony (SNE) and even the White House. Among those benefiting most from this unpleasant trend is Fortinet (FTNT - Get Report), a cybersecurity firm that has seen its shares jump more than 75% over the past 12 months

Cybersecurity stocks rally on Fortinet's results/guidance (Seeking Alpha) As was the case 3 months ago, security tech plays are up strongly (HACK +3.6%) after Fortinet (FTNT +12%) beat estimates, reported strong billings, and delivered above-consensus top-line guidance. The Nasdaq is up 0.3%

Proofpoint, Inc. (PFPT — $67.54*) Raise Price Target Solid June Results, Raises FY15 Top-Line/Billings (FBR Blue Matrix) Last night, July 23, Proofpoint (PFPT) delivered another solid performance, coming in well above the Street's 2Q estimates on the top line and for billings while, importantly, also giving a September quarter/2015 top-line outlook above expectations

Will Qualys, Inc. (NASDAQ:QLYS) Surprise this Quarter? (Investor Newswire) An Earnings surprise occurs when a company reports earnings that differ from what analysts had expected. An earnings surprise in either a positive or negative direction can often result in significant stock price movement immediately after the earnings announcement, but can also have a long-term effect as well

Palantir raising $500 million to become one of valley's most valuable companies (San Jose Mercury News) Palantir Technologies, the secretive data-analytics company that has been used in counterterrorism efforts and intelligence gathering, is close to completing a $500 million funding round, a cash boost that could elevate it to the fourth-most-valuable venture-backed company in the world

Investors fling fresh cash at Mike Lynch-backed Darktrace (Register) Former spook-operated biz now worth more than £60m

Vupen Launches New Zero-Day Acquisition Firm Zerodium (Threatpost) In the weeks since the Hacking Team breach, the spotlight has shone squarely on the small and often shadowy companies that are in the business of buying and selling exploits nd vulnerabilities. One such company, Netragard, this week decided to get out of that business after its dealings with Hacking Team were exposed. But now there's a new entrant in the field, Zerodium, and there are some familiar names behind it

Sale Of The Veritas Business Could Boost Symantec's Valuation By 10% (Seeking Alpha) Global security software giant Symantec is reportedly closing in on a deal to sell its information management business, Veritas, to private equity firm Carlyle Group

Raytheon Cuts 2015 Forecast on Costs in $1.9 Billion Cyber Deal (BloombergBusiness) Raytheon Co. cut its 2015 profit forecast as the maker of Patriot missile defense systems absorbs costs from a $1.9 billion deal to create a cybersecurity company

Raytheon Backs Cyberspace Push as Rivals Bail (Dow Jones via Nasdaq) Defense contractor expects cyberventure to be accretive in two to three years

CyberPoint's Karl Gumtow Named One of Maryland's "Most Admired CEOs" by Daily Record (Virtual Strategy Magazine) The Daily Record has named Karl Gumtow, CEO and co-founder of CyberPoint International, as one of Maryland's 2015 Most Admired CEOs

Products, Services, and Solutions

Symantec is Already Planning for a Safer Cyber Monday (PYMNTS) While Cyber Monday is still months away, information protection company Symantec is challenging eCommerce retailers to make this year's annual online shopping event, which takes place on the Monday following Thanksgiving and Black Friday, the safest on record

Mac security software gets put to the test (IT Pro Portal) Not so long ago most Mac users would have told you that their systems didn't need any form of protection as they were inherently safe. But the world has become a more dangerous place and last year the iWorm malware is thought to have recruited some 18,000 Macs into a botnet

ThreatTrack Correlates Discovered Malware And Anomalous Network Behavior To Stop Cyberattacks (Business Solutions) ThreatSecure Network combines advanced malware detection and network traffic monitoring to identify lateral movement across networks that indicate an active attack

WatchGuard visibility tools take fight to hackers (BDaily) WatchGuard have announced a variety of visibility and ease-of-use enhancements to its award-winning threat intelligence platform, WatchGuard Dimension®. This release also allows customers to preview several brand new network control features designed to make it possible for IT administrators to translate network visibility into immediate action

Niara Partners with Cloudera on Big Data Security Analytics (Inside Big Data) Niara, provider of big data security analytics for advanced threat discovery and investigation, today announced a new partnership with Cloudera, a widely adopted big data platform

Akamai Identified as a Leader in DDoS Services by Independent Research Firm (MarketWatch) Akamai Technologies, Inc. AKAM, +1.04% the global leader in content delivery network (CDN) services, today announced the company has been identified by Forrester Research, Inc. as a Leader in The Forrester Wave™: DDoS Services Providers, Q3 20151. Akamai received the highest score in Market Presence and tied for the highest score in Strategy

Nexusguard Cited in Independent Research Firm's Report Covering DDoS Service Providers (PRNewswire) Nexusguard provides global DDoS protection, recognized for heuristic approach

Splunk Named a Leader in 2015 Gartner Magic Quadrant for SIEM (MarketWatch) Splunk Inc. SPLK, -0.76% provider of the leading software platform for real-time Operational Intelligence, today announced it has been named a leader in Gartner's 2015 Magic Quadrant for Security Information and Event Management (SIEM)* for the third straight year

Who Is the Leader (Again) in Gartner’s 2015 Magic Quadrant for SIEM? (IBM Security Intelligence) It's that time of year again: The biggest-ever annual Gartner Security and Risk Management Summit is over, summer is at its peak here in New England, and IBM Security QRadar is again the leader in Gartner's 2015 Magic Quadrant for SIEM

Technologies, Techniques, and Standards

Ashley Madison Extortion Attack: Critical Lessons For Enterprise Cybersecurity (Forbes) Do you cheat on our spouse? Then chances are, you're sweating bullets over the recent Ashley Madison hack. However, if you're in enterprise IT, you should be as distressed as any cheater, regardless of how faithful to your other half you actually happen to be

Worried about Google's Your Timeline? Here's how to disable tracking (Naked Security) There's a shark tracker put out by the conservationists at OCEARCH that ties together the data emitted by tagged sharks, displaying the wanderings of the apex predators to fans. Now, thanks to Google, you too can consider yourself tagged

How experts stay safe online and what non-experts can learn from them (Help Net Security) Google researchers have asked 231 security experts and 294 web-users who aren't security experts about their security best practices, and the list of top ones for each group differs considerably

Patching in 2 days? - "tell him he's dreaming" (Internet Storm Center) With all the patching you have been doing lately I thought it would be opportune to have a look at what can and can't be done within two days. Why two days? Well quite a few standards want you to, I guess that is one reason, but the more compelling reason is that it takes less and less time for attacks to be weaponised in the modern world. We have over the past year or so seen vulnerabilities released and within hours vulnerable systems are being identified and in many cases exploited. That is probably a more compelling reasons than "the standard says to". Mind you to be fair the standard typically has it in there for that reason

Bad IT: Don't make these mistakes in your organization (ITWorld) Learn from these real-life examples of less-than best practices, performed both by IT organizations and IT pros

The challenges of implementing tokenization in a medium-sized enterprise (Help Net Security) We have seen a concerning pattern in the recent data breaches, including the breach at the Internal Revenue Services (IRS) and other US government agencies in that the primary target was Social Security Numbers (SSN) and other Personal Identifying Information (PII). Criminals typically started by stealing data from smaller, less protected organizations and then used that data to attack larger but better protected organizations

A primer on dealing with the media as a hacker, and dealing with hackers as the media (CSO) Here's a simple guide for dealing with the media as a hacker, including tips on dealing with hackers for journalists

Research and Development

New Patent granted Keypasco in China (Scribd) The patented core technology with device authentication in a two-channel structure is already implemented in Keypasco products, which mitigates phising, man-in-the-middle, man-in-the-browser, and more

Legislation, Policy, and Regulation

ISI Sought Sweeping Data Collection Tools: Report (Newsweek) Pakistani intelligence sought to tap worldwide Internet traffic via underwater cables that would have given the country a digital espionage capacity to rival the U.S., according to a report by Privacy International

France gets its own 'Patriot Act' in wake of 'Charlie Hebdo' attack (Engadget) Liberté, égalité, fraternité? Maybe strike the first one off that list. While some US lawmakers are trying to pare down the Patriot Act, the French constitutional court has just allowed police to monitor pretty much anyone they want without a warrant. The "Loi Renseignement," or Surveillance Act was first proposed in the wake of the Charlie Hebdo shootings in Paris, and approved by legislators in May. It's now the law of the land, and Prime Minister Manuel Valls tweeted that "France now has a security framework against terrorism that respects liberties." However, many folks disagree with that sentiment, and France's constitutional court itself strongly opposed the lack of oversight

Opinion: Why the US government must lose cryptowars 2.0 (Christian Science Monitor Passcode) Law enforcement's argument today is just as flawed now as it was in the 1990s. We cannot bend software or cryptography to our will — technology is science, not magic

It's time to take cyberattacks seriously and install a deterrence plan (Washington Post) As a member of the House Select Committee on Intelligence, I am reminded every day that we live in a dangerous world. It is violent and chaotic, and it's becoming more so all the time. But among the many national security threats that we face, in no area are we more vulnerable, and do we face so great a destructive potential, than the cyber realm. Our power grid, banking system, energy pipelines, air traffic control and other critical systems all are at risk. The recent cyberattack on the Office of Personnel Management is a clear demonstration of our vulnerabilities

How the cyber domain blurs the lines on warfare (Defense Systems) U.S. leaders are still wrestling with the complicated questions of how best to respond to cyber attacks. For evidence, look no further than the breach of records at the Office of Personnel Management. Privately, officials say they're certain China was behind the hack. But publicly, it spears the United States will not point the finger at China or retaliate, primarily for two reasons: ongoing economic relations and the fear of revealing intelligence methods

Ayotte seeks to bolster Homeland Security cyber efforts (New Hampshire Business Review) Bipartisan measure would give DHS power to monitor all federal computer networks

OPM Says Background Check System Now Back Online After Security Tweaks (Nextgov) The Office of Personnel Management on Thursday afternoon announced it's beginning to restore access to an online system used to process background investigations. Officials had yanked the system offline last month after uncovering a vulnerability during a security review

Senate Panel Approves 10 Years of Protection Services for Hack Victims (Government Executive) A Senate panel on Thursday approved a measure to give current and former federal employees and contractors affected by the hack of data maintained by the Office of Personnel Management protection services for 10 years, more than three times longer than OPM originally offered

OPM Looks for Contractor to Notify Victims of Background Check Breach (Nextgov) Nearly two weeks after announcing that over 21.5 million people had their information hacked from government servers, the Obama administration is moving to hire a contractor to notify and provide identity fraud-protection services to affected individuals

OPM retroactively raises the price of background investigations for other agencies (FierceGovernment) The Office of Personnel Management has retroactively increased the prices that agencies have to pay to have background checks done for new employees and those seeking security clearance, according to a July 21 OPM memo

Cyber leadership void in Congress (The Hill) With August recess and the end of the fiscal year looming, congressional leaders say they are focused on cyber security. They are focused on the private sector as they work to collaborate on legislation, which would bolster information sharing between the government and corporations. They are focused on the executive branch as they review the results of the White House's 30-day "cybersecurity sprint." But to truly address our cybersecurity vulnerabilities Congress must turn its focus within

DoD's greatest challenge is defending from cyber attack (Lexington Institute via ECN) The Department of Defense is not merely dependent on networks; networks provide critical military advantage across virtually all warfighting domains. These networks are constantly changing, growing, reconfiguring. There are now more than 7 million devices connected on the DoD networks. There are multiple networks at different levels of classification, supporting individual Services, operating in different parts of the world

NSA Appoints Obama Bundler As New Top Lawyer (Daily Beast) Washington attorney and Obama fundraiser Glenn Gerstell gets tapped for the top legal post at the nation's largest intelligence agency

Litigation, Investigation, and Law Enforcement

Criminal Investigation Sought Into Hillary Clinton's Emails (Wall Street Journal) Justice Department asked to consider a criminal investigation due to concerns about mishandling of classified information

Insider Threats: DOD Should Improve Information Sharing and Oversight to Protect U.S. Installations (Government Accountability Office) Since the 2009 Fort Hood shooting, the Department of Defense (DOD) has made efforts to update 7 of 10 key force protection-related policy and guidance documents and is taking steps to revise the remaining 3 to incorporate insider threat considerations

U.S. Postal Service Cyber Security Functions: Audit Report IT-AR-15-008 (Office of Inspector General, United States Postal Service) Cybersecurity is the body of processes, practices, and technology designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access. In November 2014, the U.S. Postal Service announced a significant cyber intrusion had occurred that compromised large amounts of data. This report addresses cybersecurity functions of the Postal Service at the time the intrusion was identified. Our objective was to determine whether the Postal Service's structure, operations, and resourcing of cybersecurity functions aligned with industry best practices to support the enterprise. We examined Corporate Information Security Office processes and other Postal Service cybersecurity functions

You Are Now Liable for Your Butt Dials (BloombergBusiness) Accidentally calling someone is like leaving your curtains open. People are allowed to peek inside

Drones and Spyware: The Bizarre Tale of a Brutal Kidnapping (Wired) The press called it the "Gone Girl" kidnapping. But the bizarre story of a former Marine and Harvard-trained lawyer who allegedly masterminded the abduction of a California woman is notable for more than the twists and misdirections that made it fodder for CNN. It's a rare kidnapping-for-ransom scheme that availed itself fully of the riches of the Internet age, providing a glimpse of a future where brutal, physical crime and its digital analog merge into one

Hot Lotto security chief found guilty of scamming his own lottery for $14.3m (Naked Security) Eddie Raymond Tipton, the former security director of the Multi-State Lottery Association (MUSL), has been convicted of a $14.3m lottery scam

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cyber Risk Wednesday: Rethinking Commercial Espionage (Atlantic Council: Brent Scowcroft Center on International Security, July 29, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on July 29 from 4:00 p.m. to 5:30 p.m. for a discussion on new ideas on commercial cyber espionage and intellectual property theft

Upcoming Events

CyberMontgomery 2015 (Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...

Career Discovery in Cyber Security: A Women's Symposium (New York, New York, USA, July 30, 2015) Our annual conference brings together some of the best minds in the industry, with the goal of guiding women with a talent and interest in cyber security into top-flight careers

PragueCrunch IV: The Enpraguening (Prague, Czech Republic, July 31, 2015) Here it comes, Central Europe: PragueCrunch IV! This annual celebration of all things startup is coming to your town on Friday, July 31, 2015 from 7:00 PM to 11:00 PM (CEST). We'll be holding the event...

Black Hat USA (Las Vegas, Nevada, USA, August 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners...

ISSA CISO Forum: Third Party Oversight (Las Vegas, Nevada, USA, August 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by...

BSides Las Vegas (Las Vegas, Nevada, USA, August 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is...

Defcon 23 (Las Vegas, Nevada, USA, August 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information

USENIX Security (Washington, D.C., USA, August 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and others specialists interested in the latest advances in the security and privacy of computer...

5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, August 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring...

Decepticon 2015 (Cambridge, England, UK, August 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines,...

AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, August 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker...

Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...

2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics

ICFP 2015 (Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.