skip navigation

More signal. Less noise.

Daily briefing.

Recent ISIS-sympathizing hacks of North American government and business sites indeed prove to be low-skilled skidwork, but that really doesn't matter, Credit Union Times argues: the targets' defenses were low-skill, too. The defacements have been, functionally, information operations, whether centrally directed or not. Social media, of course, remain the principal platforms for ISIS information operations: the US Director of Central Intelligence laments their potential to "amplify terrorism."

December's cyber attacks against a South Korean nuclear power operator bore the marks of anti-nuclear hacktivism, but Seoul says no, it's determined they were the work of North Korea. (Pyongyang of course denounces this conclusion as "nonsense," "provocation," etc.)

KrebsOnSecurity outlines the predictable criminal response to increased paycard security measures: evasion tools like AntiDetect.

Microsoft warns of an "improperly issued" certificate for Windows Live. The certificate authority has pulled it, and Microsoft has updated its Certificate Trust List accordingly.

Analysts look at the grey market for vulnerabilities, and the growing black market for "laundered" data, stolen data rinsed to appear legitimately acquired.

As Microsoft and others complete the good work of Superfish cleanup, a Carnegie-Mellon CERT researcher draws lessons about the risks of SSL inspection.

OpenSSL will be patched Thursday for an as yet undisclosed (but "severe") vulnerability.

In industry news, Raytheon is said to be in talks to acquire Websense. Seeking Alpha thinks Vasco acquisition bait.

Privacy advocates give the US Senate Intelligence Committee's positive vote on a cyber information sharing bill decidedly mixed reviews. Senators Carper and Burr defend the measure.

Notes.

Today's issue includes events affecting Canada, China, India, Iraq, Democratic Peoples Republic of Korea, Republic of Korea, Pakistan, Syria, United States.

Cyber Attacks, Threats, and Vulnerabilities

ISIS Hack Exposes Vulnerabilities (Credit Union Times) The sad truth about the recent, so-called ISIS hack on numerous North American websites, including one belonging to a Montana credit union, is that they shared nothing in common except for a preventable vulnerability

CIA chief: social media 'greatly amplifies' terrorism (Reuters via Stuff) Social media and other modern technologies are making it increasingly difficult to combat militants, the head of the CIA claims

South Korea blames North Korea for December hack on nuclear operator (Reuters) South Korea on Tuesday blamed North Korea for cyberattacks against the country's nuclear reactor operator last December, based upon investigations into Internet addresses used in the hacking, but Pyongyang denied any involvement

'AntiDetect' Helps Thieves Hide Digital Fingerprints (KrebsOnSecurity) As a greater number of banks in the United States shift to issuing more secure credit and debit cards with embedded chip technology, fraudsters are going to direct more of their attacks against online merchants. No surprise, then, that thieves increasingly are turning to an emerging set of software tools to help them evade fraud detection schemes employed by many e-commerce companies

Microsoft warns of fake SSL certificate for Windows Live (ComputerWeekly) Microsoft has warned that an SSL certificate for the domain live.fi has been "improperly issued" and could be used to spoof content and perform phishing attacks or man in the middle attacks

One BEEEEEELLION sensitive records went AWOL in 2014 (Register) Vulns also soar; IBM blames 'apathetic developers'

Researchers find same RSA encryption key used 28,000 times (IDG via CSO) Another look at the impact of the FREAK flaw has turned up some surprising findings

Hacker vows cyber attack for dismissal of charges against Detroit policeman who killed 7-year-old (MLive) Wayne County Circuit Court Judge Cynthia Gray Hathaway dismissed a manslaughter charge against Detroit Police Officer Joseph Weekley in October for lack of evidence

House education chair blames Florida testing delays on cyber attack only (PolitiFact Florida) On day 1 of the new computerized standardized tests in Florida, students and administrators across the state couldn't log on to the tests, forcing some districts to postpone the assessments

CTO Insights: Vulnerabilities for Sale (TrendLabs Security Intelligence Blog) 2014 showed that vulnerabilities could be found in all applications — both Heartbleed and Shellshock caught system administrators off-guard by revealing that open-source server applications could have severe vulnerabilities as well

Cybercriminals boost sales through 'data laundering' (ZDNet) A security expert has warned that stolen data is being sold back into legitimate commercial channels

Beware the 'visual hack' (CSO via CIO) The most common form of human hacking is social engineering. But that doesn't mean there is no danger from old-fashioned physical spying in your office

The Risks of SSL Inspection (Carnegie-Mellon CERT Blog) Recently, SuperFish and PrivDog have received some attention because of the risks that they both introduced to customers because of implementation flaws. Looking closer into these types of applications with my trusty CERT Tapioca VM at hand, I've come to realize a few things

Microsoft and friends get Lenovo's Superfish scourge under control (PCWorld) Microsoft says the Superfish adware that potentially exposed thousands of Lenovo PCs to man-in-the-middle attacks is well under control

Complex, Legacy Code Creates Security Headaches for Microsoft Users (Wall Street Journal) Some of the biggest hacking episodes of the last few years, from Target Corp. to Home Depot Inc., share a common thread. Microsoft Corp. platforms were involved at some level

What pokes holes in virtual environments? (Help Net Security) While most companies believe virtualization technology is a strategic priority, there are clear risks that need to be addressed. Ixia surveyed more than 430 targeted respondents in South and North America (50 percent), APAC (26 percent) and EMEA (24 percent)

Bulletin (SB15-075) Vulnerability Summary for the Week of March 9, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Security Patches, Mitigations, and Software Updates

OpenSSL mystery patches due for release Thursday (IDG via CSO) No details are available yet, but one flaw is of 'high' severity

Cyber Trends

Malware and DDoS Were the Most Common Attack Types in 2014: IBM (SecurityWeek) IBM today released the 2015 IBM X-Force Threat Intelligence Quarterly, a report that details the security incidents, financial malware trends, risky Android apps, and vulnerability disclosures seen in 2014

CISOs: Threat Intelligence, Big Data Analytics and Encryption are Key Technologies (Infosec Island) The 2015 Global Megatrends in Cybersecurity report — which surveyed 1,006 chief information officers, chief information security officers (CISOs) and senior IT leaders — reveals that threat intelligence-based solution will be among the key technologies employed in enterprise networks in the next three years

IoT security is still a pipe dream (Security Affairs) A research conducted by experts at Symantec highlights disturbing security failures in the IoT devices present in today connected home

Native Hadoop Security Tools Not Enough to Protect Sensitive Data in Big Data Environments, According to Protegrity Survey (MarketWired) Organizations plan to increase spending on Hadoop projects and have more production deployments than in 2014

Marketplace

Security Appliance Market Sees Double-Digit Shipment Growth and 8.6% Revenue Growth in the Fourth Quarter of 2014, According to IDC (Legit Reviews) According to the International Data Corporation (IDC) Worldwide Quarterly Security Appliance Tracker, both factory revenue and unit shipments continued to grow in the fourth quarter of 2014 (4Q14). Worldwide vendor revenue grew 8.6% year over year to $2.6 billion in the fourth quarter, the 21st consecutive quarter of revenue growth. Shipments grew nearly twice as fast as revenue at 16.7% year over year to 635,933 units, making 4Q14 the fourth consecutive quarter of shipment growth. For the full year 2014, revenue and shipments improved 8.4% and 8.3% respectively to $9.4 billion and 2.1 million units

Raytheon Said to Be in Talks to Acquire Vista-Owned Websense (Bloomberg) Raytheon Co. is in talks to acquire Websense Inc., the network-security company owned by private-equity firm Vista Equity Partners LLC, according to people familiar with the matter

8 Reasons Why Vasco Data Security Is A Prime Takeover Target (Seeking Alpha) Vasco Data was rumored to be a target of SYMC last week. Bain Capital paid $2.4 billion for Blue Coat the next day. Vasco's exposure to banks, its leading position in multi-factor authorization, and its cheap valuation are among the reasons it may be next

MSPBanter: Kaspersky Lab on Cybersecurity, Antivirus and More (MSPMentor) Kaspersky Lab looks to raise the cost of cyber attacks for cybercriminals

Chuck Harrington: Parsons' New Virginia-Based Cyber Center to Offer IT Risk Mgmt Services (ExecutiveBiz) Parsons unveiled Friday a new cyber hub in Virginia that is intended to support commercial and government customers who aim to secure their operating environments

Lockheed Adds Radware to Cybersecurity Alliance (ExecutiveBiz) Lockheed Martin has partnered with Radware to share cybersecurity best practices and collaborate on cyber-related pilot programs and experiments as part of the Lockheed Martin Cyber Security Alliance

Safe-T Data Named in CIOReview's 20 Most Promising Enterprise Security Companies (PRNewswire) Safe-T Data, the provider of secure data exchange broker solutions designed to securely bridge the gap between the enterprise and the cloud, announced today that CIOReview Magazine has named it among its "20 Most Promising Enterprise Security Companies"

IT security solutions provider Quick Heal appoints Meera Raman as marketing head (Techcircle) Quick Heal Technologies Pvt Ltd, an IT security software solutions provider, has appointed Meera Raman as its head of marketing. In her new role, Meera will oversee marketing for all geographies of the Quick Heal business network

Products, Services, and Solutions

DataPath Launches New Cyber Security Solutions Tailored to Unique Needs of Remote Communications Networks (BusinessWire) DataPath, Inc. a leading provider of remote communications solutions to the aerospace, broadcast, government and infrastructure markets announced today the launch of new Cyber Security Solutions. The offerings include a variety of information assurance service packages designed to protect the communications networks of operations in remote and harsh environments

Privacy Matters: NeoNova teams with Virtru to simplify email encryption for Google Apps (PRNewswire) NeoNova customers on Google Apps for Work now able to secure and protect emails sent from desktop and mobile

Check Point introduces Threat Extraction (IT Online) Check Point Software Technologies, the largest pure-play security vendor globally, has introduced Check Point Threat Extraction, a new security approach that proactively ensures documents are delivered to a network with zero malware in zero seconds

OPSWAT Brings Multi-Anti-Malware Scanning to Exchange Server (PRWeb) OPSWAT adds Mail Agent to their Anti-Malware Multi-Scanner Metascan to provide advanced threat protection for email-borne threats

Sumo Logic unveils outlier detection, predictive analytics to augment machine learning (Fierce Big Data) Sumo Logic, a machine data analytics service, unveiled outlier detection and predictive analytics capabilities to augment its machine learning and anomaly detection engine. Both are available to Sumo Logic Enterprise Edition users at no cost

Kaspersky Labs Launches Phound! For Android Devices To Offer Essential Mobile Security Features (Android Headlines) Mobile security continues to ramp up, and according to leading name in security software, Kaspersky Labs, during their Kaspersky Lab Consumer Security survey, on average nearly one in twenty people lost their mobile devices due to theft or carelessness

This Black Box Can Brute Force Crack iPhone PIN Passcodes (Intego Mac Security Blog) If you don't have time to read this whole blog post, do one thing for me okay?

Technologies, Techniques, and Standards

Breach Best Practices: It's Time for Incident Response to Grow Up (Forensic Magazine) Forrester's 2015 "Planning for Failure" shows that breaches are as unavoidable as bad weather, but hits a sour note when it characterizes enterprise organizations as unprepared

Can software-based POS encryption improve PCI compliance? (CSO) Some vendors are urging the PCI Council to consider approving software-based point-to-point encryption

Don't Be a Data Breach Victim: Appoint a CISO Before It's Too Late (Trend Micro: Simply Security) No one knows what the future holds, but it's a pretty safe bet to say 2014 will become known as the "Year of the Data Breach." Yet amid the finger pointing, the executive culls and inevitable media coverage, there's another interesting trend: several of the firms compromised by hackers didn't have a functioning chief information security officer (CISO) at the time

Cyber Security Risks in Supply Chain Management — Part 2 (Infosec Institute) In Part 1 of this article series, I discussed various risks involved in supply chain management with the latest example of a malicious adware named "Superfish" installed by default in Lenovo notebooks. In this part, we will learn how we can control all the inherent cyber risks in supply chain management with the proper strategy

Design and Innovation

'Satoshi Was Not a Cryptographer,' Says Gavin Andresen (Cointelegraph) As a lead developer that has worked on Bitcoin for many years, Gavin Andresen has seen his share of mishaps and debates. In the early days of 2011, one faulty transaction created some billion bitcoins out of thin air — "which was bad," he said at DevCore Boston. The developer-minded talk dove into the early days of Bitcoin, including the thornier coding problems that they encountered. Andresen also shared some opinions about Bitcoin's mysterious creator Satoshi Nakamoto

Yahoo's simple — but not necessarily secure — new way to log in (Graham Cluley) Do you find it difficult to remember your Yahoo password?

Cardless ATMs will improve security of cash withdrawal (Security Affairs) A unit of Canada's Bank of Montreal will launch on Monday its network of cardless ATMs, a technological innovation to improve users' security

Research and Development

MIT, Raytheon and others partner to combat cyber threats (Boston Business Journal) MIT and companies including Waltham-based defense contractor Raytheon have teamed up to launch a cybersecurity initiative aimed at combating cyber threats on a broad scale

Information security innovation and research (Help Net Security) Sin-Yaw Wang is the Vice President of Engineering at WatchGuard Technologies. In this interview he talks about the the main challenges for delivering innovative information security technologies as well as long-term investments in security R&D

Pentagon seeking ways to protect personal data online (USA TODAY) The Pentagon wants to protect Americans' private personal data while still making that data accessible to companies, health care providers and the government to analyze, according to a documents for a new program created by the Pentagon's high-tech research agency

Academia

CTU Named a Nat'l Center of Academic Excellence in Info Assurance, Cyber Defense (GovConExecutive) Colorado Technical University has received designation as a National Center of Academic Excellence in Information Assurance and Cyber Defense from the National Security Agency and Department of Homeland Security

Paladion Networks partners with M S Ramaiah University (Business Standard) Launches MTech programme in cyber security, information assurance

Monty Tech cyber team wins national competition (Fitchburg Sentinel and Enterprise) They left Fitchburg as Junior RTOC members and returned as national champions

Legislation, Policy, and Regulation

Is China the Biggest Thief in Cyberspace? (The Diplomat) According to some former U.S. officials, the answer is yes; however some experts harbor doubts

An Update on the White House's CTIIC Proposal (Lawfare) In the wake of the White House announcement that it is going to create the Cyber Threat Intelligence Integration Center (CTIIC), I wrote an essay for Lawfare regarding lessons for CTIIC that might be drawn from the experience of the National Counterterrorism Center (NCTC). After I wrote the essay — but before it appeared on Lawfare — the White House released a memorandum and Fact Sheet concerning CTIIC. I write now to explain how these documents impact my analysis

Senate intel committee's draft cybersecurity legislation gets panned by privacy, security coalition (FierceGovernmentIT) Several dozen advocacy groups, security experts and academics sent a letter March 2 to the Senate Select Committee on Intelligence, opposing the most recent version of a controversial bill that would encourage companies to voluntarily share information about cyberattacks with the federal government

Sen. Carper Statement on the Cybersecurity Information Sharing Act (CISA) (Senator Carper) Today, Sen. Tom Carper (D-Del.), Ranking Member of the Homeland Security and Governmental Affairs Committee, released a statement following the Senate Select Committee on Intelligence approval of the Cybersecurity Information Sharing Act (CISA). In February, Sen. Carper introduced the Cyber Threat Sharing Act of 2015, which would take critical steps to provide liability protections to increase the sharing of cyber threat data between private industry and the federal government

Cybersecurity Bill Passes Intel Committee 14-1 (Senator Burr) The Senate Select Committee on Intelligence (SSCI) today voted the bill, "Cybersecurity Information Sharing Act of 2015," through committee on a vote of 14 to 1. This original legislation, which is co-sponsored by SSCI Chairman Richard Burr (R-NC) and Vice Chairman Dianne Feinstein (D-CA), creates additional incentives to increase sharing of cybersecurity threat information while protecting individual privacy and civil liberties interests and offering liability protection to the private sector

The Military's Cybersecurity Budget in 4 Charts (Nextgov via Defense One) The White House is pitching $5.5 billion in cyber spending for FY 16. Here's what that money looks like

Zabel: CIOs need mission role to meet cyber challenge (C4ISR & Networks) In order to meet the challenges of cybersecurity, the Air Force and other military branches have to get their CIOs more involved in the mission, rather than just building and maintaining the underlying infrastructure, according to Brig. Gen. Sarah Zabel, director of cyberspace strategy and policy in the Air Force Office of Information Dominance and CIO

The FBI’s Big Plan To Expand Its Hacking Powers (National Journal via Defense One) Technology giant Google has warned that a rule change represents a 'monumental' constitutional concern

Commerce task force seeks to start discussion on cybersecurity issues with many stakeholders (FierceGovernmentIT) A Commerce Department task force is seeking public comment on potential cybersecurity topics from botnets to the Internet of Things that could be addressed by a broad range of participants in an open process to build consensus

Litigation, Investigation, and Law Enforcement

IG takes issue with State Department email records management (FierceGovernmentIT) According to State Department policy, any email that includes information about the organization, functions, policies, decisions, procedures or operations should be preserved as an "email record," but employees at the department overwhelmingly lack the guidance and training to properly preserve email records. Oversight, not a lack of tools, is the primary culprit, finds the State Department Inspector General

Cyber attack at NRC kept secret from other departments (Ottawa Citizen) Federal cyber security officials kept a tight lid on who was aware of a serious cyber attack at the National Research Council last year, a move one security officer suggested may have robbed other departments of a fighting chance to protect their systems as well

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions...

Decepticon 2015 (Cambridge, England, UK, August 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines,...

Upcoming Events

Insider Threat 2015 Summit (Monterey, California, USA, March 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure...

2015 North Dakota Cyber Security Conference (Fargo, North Dakota, USA, March 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges...

IT Security Entrepreneurs Forum: Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 17 - 18, 2015) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs...

Philadelphia SecureWorld (Philadelphia, Pennsylvania, USA, March 18 - 19, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

2015 Cyber Security Summit (McLean, Virginia, USA, March 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China...

B-Sides Salt Lake City (Salt Lake City, Utah, USA, March 20 - 21, 2015) B-Sides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation

CarolinaCon-11 (Raleigh, North Carolina, USA, March 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions...

Cyber Security Conference 2015 (Bolton, UK, March 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North...

Fraud Summit Altanta (Atlanta, Georgia, USA, March 24, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Atlanta event include...

CyberTech Israel 2015 (Tel Aviv, Israel, March 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems...

Global APT Defense Summit (Atlanta, Georgia, USA, March 25, 2015) This event will lay out a defense framework, which describes the appropriate phases, from establishing a resilient security baseline, through gathering threat intelligence, zero-day malware detection,...

2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, March 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Wednesday, March 25, 2015 at the University of Colorado Colorado...

28th Annual FISSEA Expo (Gaithersburg, Maryland, USA, March 25, 2015) This year's theme is "Changes, Challenges, and Collaborations: Effective Cybersecurity Training." Through numerous high quality sessions, over 100 attendees will learn new ways to improve their IT security...

Conference on Cyber Defence in Europe (Berlin, Germany, March 25 - 26, 2015) The conference aims to address these and other issues of cyber defense in a broad audience of policy-makers, senior officials and experts from EU institutions and Member States, representatives of industry...

CYBERWEST (Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic,...

Fraud Summit Dubai (Dubai, United Arab Emirates, March 26, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Dubai event include...

Women in Cyber Security (Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally.

Automotive Cyber Security Summit (Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...

Insider Threat Symposium & Expo (Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively...

Kansas City Secure World (Kansas City, Missouri, USA, April 1, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

Coast Guard Intelligence Industry Day (Chantilly, Virginia, USA, April 2, 2015) With a blended focus of defense, homeland security, law enforcement, criminal investigations, intelligence and cyber issues, Coast Guard Intelligence is aggressively looking to collaborate with partners...

Centers for Medicare and Medicaid Services (CMS) CISO Security & Privacy Forum (Woodlawn, Maryland, USA, April 7, 2015) The CISO Security & Privacy Forum is hosted by the Information Security Privacy Group (ISPG) at CMS. The Vision for ISPG is to provide leadership to CMS in managing information security and privacy risks...

10th Annual Cyber and Information Security Research Conference (Oak Ridge, Tennessee, USA, April 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are...

Cyber Threats Masterclass (Turin, Italy, April 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge...

InfoSec Southwest 2015 (Austin, Texas, USA, April 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter,...

NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...

Cyber Security Summit: Industrial Sector & Governments (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored...

Cyber Security Summit: Financial Services (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective...

INTERPOL World 2015 (Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from...

Mid-Atlantic ISSA Security Conference 2015 (Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current...

Symantec Government Symposium: Secure Government: Manage, Mitigate, Mobilize (Washington, DC, USA, April 15, 2015) The annual Symantec Government Symposium is a one-day event attracting 1,500 government IT security and management professionals. The event is designed to facilitate peer-to-peer dialogue on the challenges...

RSA Conference 2015 (San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015

Australian Cyber Security Centre Conference (Canberra, Australia, April 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise.

Security Forum 2015 (Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives...

CyberTexas / CyberIOT (San Antonio, Texas, USA, April 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection...

Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, April 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence...

INTEROP Las Vegas (Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.