skip navigation

More signal. Less noise.

Daily briefing.

A protest nominally organized by Anonymous — #OpC51 — took down a number of Canadian federal websites yesterday. The denial-of-service attack was intended to register opposition to that country's anti-terror legislation.

Duqu 2.0 remains under analysis. The incident prompts consideration of the ease with which false flags can be planted, and the attendant challenges of attribution.

ISIS continues to enjoy a propaganda advantage in the information war it's waging with the rest of the world. That advantage is difficult to characterize (Foreign Policy contents itself with "je ne sais quoi") but whatever it is, an effective counter narrative will require real, tangible content, not, as a former ambassador bitterly puts it, "magic social media or public diplomacy pixie dust."

The US OPM breach expands, and has now reached the personal information of Congressional staffers. Outrage expands, too, and most of it's directed against US Government IT security as implemented by the Office of Personnel Management. Former NSA (and CIA) director Michael Hayden states his opinion plainly: don't get mad at the Chinese services — those services were pursuing an entirely "legitimate foreign intelligence target." The OPM affair prompts some lessons to be drawn, best practices to be recommended.

Researchers demonstrate (and name) a new vulnerability in OS X and iOS, "Cored" or "Xara," affecting Keychain credential management.

Symantec warns of a new password recovery scan.

Tor Browser has been upgraded. Drupal addresses multiple security issues.

Australia and the US independently pursue regional cyber cooperation.

The FBI's still looking at the St. Louis Cardinals.

Notes.

Today's issue includes events affecting Afghanistan, Australia, Canada, China, Germany, India, Iran, Iraq, Israel, Mexico, Russia, Syria, United Arab Emirates, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Cyberattack takes down government websites; 'Anonymous' claims responsibility (CTV National News) Federal government websites were hit by a cyberattack Wednesday and the hacking group Anonymous has claimed responsibility for the attack

#OpC51 Anonymous hit systems at Canadian Government (Security Affairs) Anonymous claimed responsibility for running DDoS attacks on Canadian government systems against the approval of anti-terror law C-51

Analysis of CVE-2015-2360 — Duqu 2.0 Zero Day Vulnerability (TrendMicro Security Intelligence Blog) The recent Duqu 2.0 targeted attack used several zero-day vulnerabilities as part of its attack. One of the vulnerabilities used was CVE-2015-2360, which was fixed by MS15-061 as part of the June Patch Tuesday release. Like CVE-2015-1701, this is also in the Win32k.sys file, which is commonly targeted by attackers to bypass existing vulnerability mitigation techniques

Analysis: the unbearable ease of planting false information (i24 News) China, Israel, Iran. Fingers are pointed at them all

The Islamic State's Je Ne Sais Quoi (Foreign Policy) There's a reason why the United States is losing the propaganda war against ISIS

Where ISIS Has Directed and Inspired Attacks Around the World (New York Times) The arrest on Saturday of a Queens college student on charges of conspiring with the Islamic State is just the most recent example of the group's global strategy, which began about one year ago and has resulted in attacks or arrests in more than a dozen countries

OPM Breach Includes Congressional Staffers (Roll Call) As government officials answered questions about the recent Office of Personnel Management data breach, former and current congressional staffers processed the notices they are receiving from the agency that they, too, were affected by the breach

Michael Hayden: "Those Records are a Legitimate Foreign Intelligence Target" (Lawfare) Don't blame the Chinese for the OPM hack, says former NSA and CIA Director Michael Hayden. If Hayden had had the ability to get the equivalent Chinese records when running CIA or NSA, he says, "I would not have thought twice. I would not have asked permission. I'd have launched the star fleet. And we'd have brought those suckers home at the speed of light." The episode, he says, "is not shame on China. This is shame on us for not protecting that kind of information." The episode is "a tremendously big deal, and my deepest emotion is embarassment"

Military clearance OPM data breach 'absolute calamity' (Military Times) Anxiety is spreading among defense officials and the military community that the recent theft of federal government data linked to China may affect hundreds of thousands of service members

Feds' cyber security woes can't all be blamed on legacy systems (ZDNet) Creaky systems that can't use the latest encryption are merely one item in a cyber security mess that took decades to create

Apple OS X and iOS in the vulnerability spotlight — meet "CORED," also known as "XARA" (Naked Security) The security issue of the week has arrived, and, quelle surprise, it's attracted a funky name already

Samsung Keyboard Security Risk Disclosed: Over 600M+ Devices Worldwide Impacted (NowSecure) Over 600 million Samsung mobile device users have been affected by a significant security risk on leading Samsung models, including the recently released Galaxy S6. The risk comes from a pre-installed keyboard that allows an attacker to remotely execute code as a privileged (system) user

Cybercrims bypassing two-factor authentication with simple txt (SecurityWatch) Strong passwords and two-factor authentication are no match for simple social engineering it appears, with security vendor Symantec warning of a new password recovery scam tricking users in to handing over email account access

CVE-2014-4114: Tracing the Link (ThreatGeek) In June 2015, we published Fidelis Threat Advisory #1017 and a blog post on unrelated hostile cyber criminal activity based on the exploitation of CVE-2014-4114, using a novel technique leading to zero antivirus detections for this well-known vulnerability

Newly patched Flash Player bug exploited to deliver crypto ransomware (Help Net Security) It took less than a week for a functional exploit for a recently patched Adobe Flash Player vulnerability to be added to the Magnitude exploit kit, Trend Micro researchers warn

Vawtrak Trojan Now Increasingly Obscure by Employing Tor2Web, Finds Fortinet (Spamfighter) Creators of Vawtrak the banking Trojan, whose other names are Snifula and Neverquest, are using the Tor2Web to make their servers obscure and so more difficult for security researchers to detect the malware's activity, says Fortinet the security company

Fred's is latest chain to investigate possible security breach (FierceRetailIT) The latest sizable chain to report a potential credit card breach is Fred's (NASDAQ:FRED), a general merchandise discounter with about 650 stores and 300 pharmacies in 15 states

Microsoft's site dedicated to fighting US surveillance just got hacked (ZDNet) The site, which appears to be running an older version of WordPress, was displaying casino-related pages

MacKeeper — a(nother) reason not to use it (Graham Cluley) I've never been a fan of MacKeeper

Security Patches, Mitigations, and Software Updates

Tor Browser 4.5.2 is released (Tor) A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory

Drupal Releases Security Updates (US-CERT) Drupal has released updates to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to gain access to a system account, including an administrator's

Cyber Trends

Federal records hack underscores overconfidence in records management policies (FierceContentManagement) In light of the recent federal records data breach, a recent survey of 150 federal workers involved with records management takes on a whole new meaning. Fourteen federal organizations were surveyed, including the Department of Veteran's Affairs. While the VA itself wasn't hacked, an unknown number of files belonging to active and retired military members were stolen

Baseball, hacking, and security (Network World) Corporate espionage is commonplace, even in baseball

Report: Little Being Done to Combat Insider Threats (National Defense) Despite high profile cases of employees stealing information from intelligence agencies and the military, companies and organizations are taking few steps to thwart insider threats, a recently released report said

Why break in, if you can simply login? (Help Net Security) I was asked the other day why so many security breaches are hitting the headlines and are seemingly getting larger and more frequent. The game of cyber security has changed significantly over the years and defenders are slow to modify their playbooks and tactics

Education key to bolstering remote-access security for providers (FierceHealthIT) In his own doctor's office, cybersecurity expert Gary Glover found he could gain unauthorized access to physician practice data

Asset managers at risk from cyber-attacks (Global Investor) Asset managers, relatively protected until now, are increasingly at risk from cyber-attacks. Hannah Smithies explores what can be done to guard against new threats

Time to Embrace Cloud Security as a Service (MSPmentor) If you've heard it once, chances are, you've heard it a hundred times: organizations still hesitant to adopt to the cloud feel this way because of a perceived lack of security

Public Sector Target of Choice for Malware Attacks (The C Suite) Public sector becomes top target for malware attacks in the UK, says NTT Com Security Global Intelligence Threat Report

Sicherheitsexperten warnen vor Stromausfall im Land (Stuttgarter Nachrichten) Hacker nehmen offenbar immer häufiger auch die äffentliche Versorgung ins Visier. IT-Experten kritisieren veraltete Software und schlechten Schutz. Die Versorger dementieren

Marketplace

Hack attacks 'discourage' investment in targeted companies (IR Magazine) Fewer than 50 percent of boards have skills needed to deal with cyber-security, KPMG study shows

The Cyber Security Market Is Still Strong (In Case You Forgot) (Benzinga) A new report by Bank of America analyst Tal Liani focuses on the latest numbers from the cybersecurity space and discusses Bank of America's outlook for several of the major cybersecurity players. The report also includes several price target hikes for cybersecurity stocks

Columbia cyber firm wins federal contract worth up to $10.7M (Baltimore Business Journal) Chiron Technology Services has a won federal cybersecurity contract worth up to $10.7 million

Twitter is joining Google and Facebook in the artificial intelligence arms race (Business Insider via Yahoo! Finance) The changing of the guard in Twitter's executive suite hasn't put a halt to the company's M&A activity

Insight Venture Partners to buy Israeli co Checkmarx (Globes) Insight will buy a majority stake in the Tel Aviv based IT security firm at a company value of $100 million, according to reports

CYREN Awarded $0.93 Million Cyber Innovation Grant By Israeli Office of the Chief Scientist (PRNewswire) CYREN (NASDAQ: CYRN) today announced that it has been awarded a government grant of NIS 3.6 million (approximately USD 0.93 million) from the Office of the Chief Scientist (OCS) at the Ministry of Economy of Israel

Security software maker AVG opens R&D centre in Israel (Reuters) Security software maker AVG Technologies NV said on Wednesday it was opening a research and development centre in Israel that would focus on emerging mobile threats

Organizations Grapple With Security Talent Shortage (CIO Insight) When it comes to security, companies are trying to do the best they can with what they have and are often simply hoping they aren't targeted in a cyber-attack

Google to shell out up to $58k for new Nexus epic pwnage (Register) Remote low level attacks plus patch to be answered with cash

LinkedIn Goes Public with its Private Bug Bounty (Threatpost) Public-facing bug bounties are the shiny new bauble of computer security. And with good reason since in most cases, companies that start their own bounties or go through a third-party platform provider are able to take advantage of a pool of skilled contributors, patch products, and improve security overall

Fidelis Cybersecurity Hires Former McAfee GM; Expands Executive Team with Technology and Research Leaders (BusinessWire) Addition of global sales and HR executives and promotions of key contributors strengthens team focused on solidifying Fidelis' leading advanced threat defense market position

Resilient Systems Appoints New CFO and VP of Marketing to Support Rapid Growth (Resilient Systems) Karen Higgins joins company as CFO, Maria Battaglia as VP of Marketing as organizations turn to leading incident response platform provider to thrive in the face of cyberattacks

Key Management Reshuffle Inside Microsoft (24/7 Wall Street) Microsoft Corp. (NASDAQ: MSFT) is looking to shake things up. The company plans to shift some of its senior leaders around in an effort to address evolving trends within Microsoft's space

Bird lands executive role at Symantec (MicroScope) The moment when Symantec splits into two is moving ever closer and the vendor is finalising the excutive team thay will take the business forward

Products, Services, and Solutions

F-Secure updated security solution offers new capabilities to IT managers (Infotech Lead) F-Secure has updated its Business Suite security solution to help IT Managers control and manage risks. Business Suite combines features such as web content control and automated patch-management

Apple working with MobileIron to ship enterprise apps (FierceMobileIron) Apple has been working with MobileIron on OneTouch, a MobileIron service that packages and secures enterprise iOS apps for organizations and pushes them to their users, according to a MobileIron spokeswoman

Green Berets' efforts to take down ISIS undermined by shoddy U.S. intelligence (Washington Times) Army Green Berets planned for a wide range of actions in Iraq this year but bemoaned the sorry state of U.S. intelligence assets in the country to help the local security forces find and kill Islamic State terrorist targets, an internal Army memo says

Stale, dead apps emerging as serious mobile security risks (TechTarget) While there's plenty of information available today pertaining to enterprise cybersecurity risks and mitigation strategies, there is a lack of data specifically focused on the mobile security risks of employee devices and apps

Using Image Search Tools to Improve Your Security Program (Cyveillance Blog) Last week we discussed our expanded Global Intelligence capabilities, the first of two recent enhancements to the Cyveillance Cyber Threat Center™. Today, we will go over the second new feature, Content-based Image Retrieval (CBIR)

Review: The best password managers for PCs, Macs, and mobile devices (CSO) 10 local and cloud-based contenders make passwords stronger and online life easier for Windows, OS X, iOS, Android, BlackBerry, and Windows Phone users

Technologies, Techniques, and Standards

Encrypting data at rest is vital, but it's just not happening (ZDNet) Regulators and security strategists recommend encrypting data at rest, but few organisations do it, and most get it wrong. Good thing there are bigger problems to tackle first

Why You Might Want To Encrypt Your Syslogs Now (IT Jungle) Every day millions of IBM i server events are packaged up in the syslog standard and sent offsite for safekeeping and analysis. In many cases, the syslog files are sent in plain text across the wire because, hey, they're just boring old log files, and what could anybody ever do with those, right? Wrong

Emulating the security analyst with software (Help Net Security) This is the second installation of a two-part article discussing why static security detection methods can no longer protect enterprises from advanced hacking efforts. In this installation, the author will discuss why the security industry must begin to look at a more dynamic approach to security alerts

OPM Breach Offers Tough Lessons For CIOs (InformationWeek) While your enterprise may have a chief information security officer and a robust data governance department, CIOs and IT organizations are the ones on the front lines of protecting enterprise data. What lessons can we draw from the OPM breach?

6 breaches: Lessons, reminders, and potential ways to prevent them (CSO) No organization wants to be the next headline, but looking at those who have been breached can help keep others out of the spotlight

Is Your Security Operation Hooked On Malware? (Dark Reading) It may seem counterintuitive, but an overzealous focus on malware may be preventing you from detecting even bigger threats

Threat Intelligence Can Provide A New Level Of Cybersecurity (InformationWeek) Digital Shadows CTO James Chappell discusses how to use big data and data analytics to stay ahead of attackers

Design and Innovation

IoT is the password killer we've been waiting for (IT World via CSO) IoT, with its tiny screens & headless devices, will drive an authentication revolution. It's a short leap from the kind of two-factor authentication used on the Apple Watch to proximity-based authentication that does away with any user interaction. Passwords are just the canary in the coalmine

Academia

Cyber Citizenship Heads to Texas Public Middle Schools (Huffington Post) Ninety two percent of teens report going online daily — including 24 percent who say they go online "almost constantly," according to a new study from Pew Research Center; April, 2015. Today's tween and teens are given a powerful tool that enables them to connect with people, places and things globally with little to no Cyber Citizenship education. A lack of cyber education puts teens and tweens at a greater risk of human trafficking, identity theft and cyber bullying

Legislation, Policy, and Regulation

Foreign Groups Fear China Oversight Plan (New York Times) A remarkable assortment of foreign organizations set up shop in China in the decades after its emergence from isolation under Mao Zedong, offering good will, money and expertise that helped link the nation more closely to the rest of the world and turn it into the global powerhouse it is today

Regional security approach pays threat-intelligence dividends but sharing must be managed (CSO) Regional security approach pays threat-intelligence dividends but sharing must be managed

US seeks stronger cyber ties with North American neighbors (The Hill) After firming up its cybersecurity relations with a number of overseas allies, the Obama administration is turning its attention to its North American neighbors this week

US House Seeks Larger US-India-Israel National Security Cooperation (NDTV) The US House of Representatives has passed a bipartisan amendment to the FY2016 Intelligence Authorization Act calling for expansion of US-India-Israel national security cooperation

Industry Weighs In on Data Security, Cybersecurity Legislation (JDSupra) Members of the financial industry were able to share their positions and voice concerns at a recent hearing held by the House Committee on Financial Services. Discussing "Protecting Consumers: Financial Data Security in the Age of Computer Hackers," representatives from the Financial Services Roundtable, the Electronic Transaction Association, and the PCI Security Standards Council (as well as a voice from the retail industry and tech sector) talked about the elements of the multiple data security and privacy bills currently pending before Congress

Opinion: The reasonable expectation fallacy (Christian Science Monitor Passcode) The ability to delete yourself from the Web doesn't really matter. What really matters in the age of advanced surveillance is the right to not be correlated. Technology is always watching and capturing you, but the correlation is where the danger lies. Laws can change that, but only if enacted soon

GOP, White House clash over cyber center (The Hill) The White House is pushing back against the Republican vision for the administration's new cyber agency, claiming the GOP has bigger plans for it than the administration ever intended

Pentagon seeks to hold its IT users more accountable for cyber missteps (Federal News Radio) The Defense Department has no shortage of regulations designed to encourage and enforce good cybersecurity behavior on its own networks. But DoD's chief information officer said as of now, there are too few consequences for users who run afoul of those rules. That's about to change

Release of U.S. Coast Guard Cyber Strategy (Coast Guard Compass) For more than two centuries, the U.S. Coast Guard has harnessed innovations and leveraged new capabilities to ensure safety, security and stewardship across the maritime domain. In continuing a proud history of responding to the nation's maritime needs, the Coast Guard has fully embraced a new operating domain — cyberspace

Litigation, Investigation, and Law Enforcement

OPM: Data Breach (Full House Committee on Oversight and Government Reform) To provide Members an opportunity to gain information on the nature and extent of the recent U.S. Office of Personnel Management (OPM) data breach

Lawmakers slam OPM for 'grossly negligent' approach to data security (Christian Science Monitor Passcode) At a Congressional hearing Tuesday, Office of Personnel Management officials testified about plans to bolster digital defenses in the wake of hacks that exposed millions of sensitive records about government officials

Oversight chair wants officials fired over hack (The Hill) House Oversight Chairman Jason Chaffetz (R-Utah) called on President Obama to fire at least two top officials from the embattled Office of Personnel Management (OPM) over their role in the massive data breach that has rattled the government

Congress seeks to block U.S. intel from German NSA probe (Washington Times) President Obama wants to share U.S. secrets with a German parliamentary committee investigating the National Security Agency's spying in Germany. The move is in direct opposition to Congressional restrictions, which were added to the fiscal 2016 intelligence authorization bill that would block intelligence sharing

Opinion: Is Surespot the latest cryptowar victim? (Christian Science Monitor Passcode) The encrypted chat app has been mum since suggesting it was about to receive a government subpoena. Its silence implies that the government may be snooping on its users, which have included Islamic State militants

Navigating the Complexities of International Privacy and Data Laws (Legal News) Experts discuss the evolving regulation of privacy in the U.S. and abroad, and how international businesses should address them

Dubai authorities not scrutinising social media: Report (Emirates 24/7) Officials say they respect privacy of users

Snowden's lawyer slams Times story claiming leaks 'betrayed' British spies (Globe and Mail) A Sunday Times article stating that British spies had been "betrayed" to Russian and Chinese intelligence services as a result of Edward Snowden's mass-surveillance revelations to the press is "utter nonsense," claims the whistleblower's lawyer

Cyber hacking not as rare in sports as you might think, expert warns (Toronto Star) FBI investigating whether St. Louis Cardinals staff behind hacking of Houston Astros

Police break up romance scam gang that fleeced women of $1.5 million (Naked Security) Online romance scams are among the oldest in the conman's arsenal, but sadly we see them all too frequently

Unmasked: How Police Beat Shakespearean Cyber Thieves (Bloomberg) Shakespeare-quoting hackers targeted British banks. Police led a global operation to stop the heist, but can they catch the Shylock gang?

News sites can be held responsible for user comments (Naked Security) News site is responsible for hate-filled comments, says EU courtFreedom of expression and the often swill-filled comment sections it supports got slapped upside the head on Tuesday when the European Court of Human Rights (ECHR) ruled that an online news site can be fined for comments left by anonymous readers

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Global Cyberspace Cooperation Summit VI (New York, New York, USA, September 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum...

Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, September 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack.

Upcoming Events

Information Management Conference 2015 (Nashville, Tennessee, USA, June 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative...

AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service...

2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, June 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers...

Suits and Spooks All Stars 2015 (New York, New York, USA, June 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues —...

REcon 2015 (Montréal, Québec, Canada, June 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations...

Nuit du Hack 2015 (Paris, France, June 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group: HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges...

Fifth Annual International Cybersecurity Conference (Tel Aviv, Israel, June 22 - 25, 2015) The conference, held jointly this year by the Yuval Ne'eman Workshop for Science, Technology and Security, the National Cyber Bureau, the Prime Minister's Office, the Blavatnik Interdisciplinary Cyber...

Cybersecurity Executive Roundtable (Blacksburg, Virginia, USA, June 23, 2015) experts from across the country will convene at Virginia Tech to meet with rising cybersecurity talent to discuss solutions for the country's cyber workforce shortage in an executive roundtable titled...

Cyber Security for Defense (Augusta, Georgia, USA, June 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting...

Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, June 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring...

AFCEA PNC Tech & Cyber Day (Tacoma, Washington, USA, June 25, 2015) The Armed Forces Communications & Electronics Association (AFCEA) - Pacific Northwest Chapter (PNC) will once again host the 5th Annual Information Technology & Cyber Day at Joint Base Lewis-McChord (JBLM)...

Cybersecurity Outlook 2016 (Tysons Corner, Virginia, USA, June 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational,...

NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, June 29 - July 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred...

US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, June 29 - July 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow...

Information Assurance Symposium (Washington, DC, USA, June 29 - July 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred...

Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, June 29 - July 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part...

Cybergamut Tech Tuesday: The Truth About Security Your System (Elkridge, Maryland, USA, June 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic...

TakeDownCon Rocket City (Huntsville, Alabama, USA, July 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...

CyberMontgomery 2015 (Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.