
More signal. Less noise.

Daily briefing.

Chinese anti-censorship organization GreatFire sustains a denial-of-service attack.

The Seattle Times reports that Federal auditors — from the Office of Personnel Management — warned Premera of the insurer's cyber vulnerabilities some three weeks before attackers got into its networks last spring.

Ransomware continues its evolution as a costly irritant. TrendLabs reports seeing Cryptowall combined with FAREIT spyware. KnowBe4 outlines new variants of other strains. Sophos answers the should-you-pay question: it's o.k. to pay, better not to, and best of all not to face the question.

Some 700,000 ADSL routers are reported to contain dangerous vulnerabilities.

The OpenSSL patch fixes a serious bug, but not a devastating one, so early fears that this would be another Heartbleed turn out to be overhyped.

Bloomberg warns that Kaspersky has ties to "the KGB" (side note — it's tough to keep track, but Russian organs have new names nowadays: FSB, SVR, FSO). Kaspersky denies it, and complains it's a victim of sloppy reporting and loose assumptions about Russians conducting meetings in Russian. (For what it's worth, a quick look at Nota Bene's meta tags would impress linguistic analysts with fluency in demotic American argot, leading them to conclude it was the work of some guys from South Hackensack. Attribution's tough.)

US NSA Director Rogers tells Congress deterrence is failing in cyberspace for want of credible offensive capabilities.

Debate continues over pending US cyber bills.

Target prepares to settle breach claims for $10M, a bellwether, observers say, for other sectors, including law and real estate.

Notes.

Today's issue includes events affecting China, Estonia, Israel, Nigeria, Norway, Russia, Slovenia, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Hackers Attack GreatFire.org, a Workaround for Websites Censored in China (New York Times) For years, a group of anonymous activists known as GreatFire.org has monitored online censorship in China, provided access to blocked websites and collected messages deleted by censors

Feds warned Premera about security flaws before breach (Seattle Times) In what the health insurer called a routine audit, federal officials found a handful of issues with Premera's network security — three weeks before a major breach first occurred

The Next Cybersecurity Target: Medical Data (Atlantic) The health industry is not immune to cyberattacks

CryptoWall 3.0 Ransomware Partners With FAREIT Spyware (TrendLabs Security Intelligence Blog) Crypto-ransomware is once again upping the ante with its routines. We came across one crypto-ransomware variant that's combined with spyware — a first for crypto-ransomware. This development just comes at the heels of the discovery that ransomware has included file infection to its routines

KnowBe4 Warns Of Onslaught Of New Ransomware Strains (Business Solutions) In an unsettling trend, cybercriminals have launched a new wave of ransomware attacks that include several new malicious strains targeting both businesses and consumers, according to KnowBe4, a provider of web-based security awareness training to small and medium sized enterprises. The new strains expand capabilities into unmapped network drives, malicious help files, and games

Ransomware — should you pay? (Naked Security) Unfortunately, we've had cause to write rather regularly in recent times about ransomware, and what it can do to you

At least 700,000 routers given to customers by ISPs are vulnerable to hacking (IDG via CSO) More than 700,000 ADSL routers provided to customers by ISPs around the world contain serious flaws that allow remote hackers to take control of them

What we can learn from $1 billion bank-robbing malware (SC Magazine) Cybercriminals used a mix of social engineering and the Carbanak family of malware to infiltrate banks around the world and steal as much as $1 billion since 2013, according to a recent Kaspersky Labs report. Spear phishing emails reportedly duped employees into opening back doors for criminals to infiltrate banking systems, alter account balances, transfer funds and hide their tracks. But how did these criminals go back to the well so many times at so many banks without getting caught?

Dylib Hijacking on OS X (Virus Bulletin) DLL hijacking is a well known class of attack which was always believed only to affect the Windows OS. However, this paper will show that OS X is similarly vulnerable to dynamic library hijacks

Facebook photo leak flaw raises security concerns (ComputerWeekly) A Facebook mobile code vulnerability, which exposed private photos to hackers, has raised questions about the safety of the social network's coding in general

Mandrill warns attack may have exposed some data about email (IDG via CSO) Mandrill warned customers on Wednesday that some email-related data may have been exposed after attackers tried to lasso some of its servers into a botnet

Corporate espionage — the Internet's new growth industry (IT Pro Portal) Espionage as a Service (EaaS) is the latest threat to big business worldwide. While corporate espionage has been part of the business landscape for hundreds of years, EaaS is largely a product of the Internet

VA official 'perplexed' by lawmaker's claims of nation-state breach (The Hill) Lawmakers and the Veterans Affairs Department are fighting over whether the department suffered a nation-state hack in September 2014, according to a Thursday report

Number of veterans whose personal information was put at risk nearly triples in a month (FierceGovernmentIT) Between January and February, the number of veterans who had personal information affected by data breaches nearly tripled, according to a new report

Police Admit Leak Due to Fault in Crypto System (STA) Police commissioner Marjan Fank has admitted that the police force sustained a leak of sensitive information communicated through its secure communication network, Tetra, because of a cryptography fault. The leak is said to be small in size

Security Patches, Mitigations, and Software Updates

OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291) (OpenSSL Security Advisory) Severity: High. If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server

OpenSSL patched against high severity denial-of-service bug, and other flaws (Graham Cluley) Phew! Well, there's a relief

OpenSSL security update less critical than expected, still recommended (Help Net Security) As announced on Monday, the OpenSSL project team has released new versions of the cryptographic library that fix a number of security issues

Apple fixes 17 security holes in Safari's WebKit engine (FierceITSecurity) Apple also fills security gaps in iOS 8 with latest update

Drupal Core — Moderately Critical — Multiple Vulnerabilities - SA-CORE-2015-001 (Drupal Security Team) Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password

Drupal flaw allows reset password by crafting specific URLs (Security Affairs) The Drupal team issued an update to fix a flaw that allows attackers to reset passwords by crafting URLs under certain circumstances

Cyber Trends

The days of mass attacks are over; now it's all about big data (FierceITSecurity) Security execs at CeBit spoke about how the threat landscape has changed and warned against the temptation to hack back

Should you worry about government spying? IT security pros differ (FierceITSecurity) Before you hire an IT security vendor to help lock up your critical business data, it's probably a good idea to understand how the vendor prioritizes threats. Judging from executives who spoke at CeBit in Hannover, Germany, this week, they may have widely different opinions

IWCE keynote Roger Cressey: If you're reacting to a cyber attack, you're too late (IWCE's Urgent Communications) Cyber threats will never be eliminated, but cyber risks can be mitigated, according to Roger Cressey, NBC News' counter-terrorism analyst and former presidential advisor to both the Clinton and Bush administrations

The latest trend worry for CIOs: The Analytics of Things (FierceCIO) When it comes to big data and data analytics, IT Leaders continue to struggle with how to wrap their hands around it all. First up are continued concerns about security. Adding to the challenges is the quest for data accuracy

Smart cities to use 1.1 billion connected things (Help Net Security) Increasing urbanization is putting unprecedented pressure on city mayors to constantly balance the challenge of resource constraints against environmental sustainability concerns. Gartner estimates that 1.1 billion connected things will be used by smart cities in 2015, rising to 9.7 billion by 2020

Power companies unprepared for hacking attacks (Phys.org) Researchers are recommending that Norwegian power distribution companies should carry out more regular contingency exercises to prepare themselves for hacking attacks. If they don't, they won't be equipped to identify and deal with crisis situations

Cyber Risk Management for the Automotive Sector (Dark Matters) Recently, Senator Markey of Massachusetts sent letters to 20 major automobile manufacturers requesting information about how they protect against cyber-attacks. This effort by the Senator was subsequently followed up with talking points at an auto show in Detroit

Many admit that passwords are their only IT security measure (Help Net Security) New research from SecureAuth shows that despite much debate, the password isn't dead yet as two in five IT decision makers (ITDMs) admit that passwords are their only IT security measure. It is a worrying revelation, considering the prevalence of security breaches due to compromised credentials. Furthermore, a third (33%) of companies with more than 1,000 employees are still using password only access. Even more concerning, one in five (20%) respondents said they 'don't know' how many IT security policies their company currently has

Study: Mobile app security risk well-known, but enterprises lack proper usage policy (SC Magazine) Although most IT professionals believe mobile apps in the workplace have increased security risks, less than half of organizations have a policy in place to define acceptable mobile app use

Companies Left in the Dark as Two-Thirds Admit Cloud Apps being Implemented Without their Knowledge Pose a Security Threat (Information Security Buzz) More than two-thirds (67 per cent) of organisations admit that unauthorised cloud applications are being implemented without IT's knowledge or involvement, and correspondingly pose a security risk to the business. This is according to a snapshot poll by Centrify, the leader in unified identity management across cloud, mobile and data centre, at Cloud Expo Europe last week in London

Data Breach Detection Takes Days or Longer For Many Businesses: Survey (SecurityWeek) Seconds count when dealing with a security incident. A new survey from Osterman Research however has found that many companies believe it would take hours or more for them to detect a breach — with nearly 30 percent stating it would take days, weeks or longer

Deloitte's Exposé on Cyber Security Concerns for Nigeria in 2015 (Techcabal) The advantages the internet accords us with, are numerous. From the report we published couple of weeks back, it will be seen that Nigeria ranked well on the internet affordability index among the developing economies in the world. Ardent observers of this tech space in the country will notice that there has been a surge in the number of activities performed online

Marketplace

The Company Securing Your Internet Has Close Ties to Russian Spies (Bloomberg) Kaspersky Lab has published reports on alleged electronic espionage by the U.S., Israel, and the U.K. — but it's yet to look at Russia

A Practical Guide to Making up a Sensation (Nota Bene) There are many ways to make up something sensationalist in the media. One of the practical ways is to speculate and create conspiracy theories. Unfortunately, there is a demand on such stories and they have a very good chance of making a splash

Check Point in talks to buy Israeli cyber-security firm (Reuters) Internet and network security provider Check Point Software Technologies is in talks to buy cyber-security firm Lacoon Mobile Security for $80 million, Israeli newspaper Calcalist reported on its website on Thursday

Opera buys VPN service to help protect user privacy (IDG via CSO) Norwegian browser developer Opera Software has bought virtual private network service SurfEasy to help its users protect their privacy when accessing the Web from smartphones, tablets and computers

Fortinet: Well Positioned In An Increasingly Vital Industry (Seeking Alpha) Fortinet is on the forefront of cyber-security, replacing the businesses of more legacy firms with its highly sophisticated/multilayered security products. In addition to developing some of the industry's most advanced cyber-security applications, Fortinet is also extremely well diversified across the globe. While all cyber-security firms risk obsolescence in the rapidly changing cyberspace, Fortinet is more adapted to this changing environment than its competitors

Raytheon Boosts Shareholder Value, Ups Dividend by 11% (Zacks via Nasdaq) The board of directors of Raytheon Co. (RTN) approved of a 10.7% annual dividend hike, marking the 11th consecutive rise. The company has increased the quarterly dividend to 67 cents per share from 60.5 cents, bringing the annualized payout to $2.68 with a yield of 2.42%. The dividend will be paid on Apr 30 to shareholders of record as of Apr 1

KEYW Announces Award of $38 Million Prime Contract to Provide Cyber Training and Infrastructure Upgrades (GlobeNewswire) The KEYW Corporation, a wholly owned subsidiary of The KEYW Holding Corporation (Nasdaq:KEYW), announced today it has received a prime contract to provide advanced cyber training content development, delivery, and training infrastructure upgrades to a U.S.-based customer

Young Hackers Win Big Bucks Crushing Your Web Browsers (Tom's Guide) Every major Web browser was quickly hacked during the latest Pwn2Own contest here at the CanSecWest 2015 security conference, with the contestants walking away with more than half-a-million dollars in prize money

ThreatStream Announces New Advisory Board with Leading Experts from Cisco, Cloudera and OSG Consulting (PRNewswire) ThreatStream®, the leading provider of an enterprise-class threat intelligence platform, today announced its advisory board, which will provide input and guidance on the company's direction. The board includes John N. Stewart, senior vice president, chief security and trust officer at Cisco; Mercedes Westcott, vice president, public sector, at Cloudera; and Greg Oslan, founder and managing partner at OSG Consulting. Stewart, Westcott and Oslan will serve as strategic resources as ThreatStream continues to develop solutions that enable enterprises to increase the accuracy and speed with which security threats are discovered

Former FBI Executive Assistant Director Louis E. Grever Joins Wynyard Group Board (Virtual Strategy Magazine) Wynyard Group, a market leader in crime-fighting software and services, today announced that former FBI Executive Assistant Director Science and Technology Branch, Louis Grever, will join its Board of Directors

Products, Services, and Solutions

Internet Explorer: Microsoft's Troubled Browser Retires (InformationWeek) Microsoft this week announced the demise of Internet Explorer. Let's reflect on how it evolved over the years

Dome9 Releases New Android App for Secure Enterprise Access to Cloud Servers (Virtual Strategy Magazine) App provides on-demand access to reduce the attack surface of cloud servers

Technologies, Techniques, and Standards

Signature antivirus' dirty little secret (Help Net Security) If you rely only on traditional, signature-based antivirus, you are going to get infected — and probably a lot! Antivirus was, and still is, a valuable addition to your layered security strategy, but only if you understand its limitations, which have become more and more prominent over time

Cracking a Wi-Fi WPA2 Password, Thanks to Amazon (Infosec Institute) In a pen tester's life, sooner or later you are cracking a password. This activity depends on the type of password and available hardware

Well-Designed RFP Crucial for Enterprise Key and Certificate Management (Venafi) So, you've decided to select a vendor solution for your enterprise key and certificate management. You've made a wise decision — manual tracking methods or limited internal scripts cannot effectively manage and secure the number of keys and certificates in an average enterprise. But to get the most of your investment dollars and ensure that the vendor solution you choose will meet your needs now and in the future, you need to create a clear and comprehensive request for proposal

Prepare for The Cyber Threat: What Executives Need to Know to Manage Risk (CTO Vision) Cybersecurity is one of the most high-profile topics for organizations today and one of their biggest sources of risk. Numerous recent incidents have heightened awareness of and sensitivity to this risk, and have made it even more critical that they assess their cyber readiness

OpenPGP email security for Mozilla applications (Enigmail) Enigmail is an extension for Thunderbird and other Mozilla based mail clients. It allows you to encrypt and digital sign emails using the OpenPGP standard

Is it time to adopt a military-style approach to cyber security? (Network World) It seems like every week we hear about another serious breach affecting this merchant or that healthcare provider or some other major business. Successful cyber attacks of the private sector have become all too common

Design and Innovation

'War game' will determine if DoD can share well with others in the cloud (FierceGovernmentIT) DoD will test if cloud providers can use military property for commercial clients

Polymorphic security warnings more effective than same, static ones (Help Net Security) In the last year or so, we have witnessed Google becoming increasingly interested in providing effective warnings that would spur users into making good decisions regarding the security of their computers and their information

Research and Development

IARPA preps insider threat monitoring projects (GCN) The intelligence community will host a meeting next month to brief IT firms on research into insider threat monitoring systems

Academia

Training Cyber Warriors: What Can Be Learned from Defense Language Training? (RAND) Over the past decade, cyber operations have become an increasingly important part of U.S. and international military capabilities. Research and the popular press note the rising threat from cyber warfare, including threats to military and federal government networks, as well as potential attacks on the U.S. economy, infrastructure, and business. To respond to this threat, cyber defense spending is projected to grow substantially — even while overall Pentagon spending is reduced. As the importance of cyber operations in national security grows, the US military's ability to train individuals in cyber skills and ensure a robust cyber workforce becomes increasingly important in protecting the nation. There has been a particular focus on the need for cyber warriors — highly trained and specialized individuals who engage in offensive and defensive cyber warfare

Civil Air Patrol Cadets compete in cyber effort (Belvoir Eagle) Cyber intrusions and attacks and the evolving array of cyber-based threats against the government and business occur every day. Recent media reports of cyber breach and attack against big businesses, small businesses and government entities pose threats to national security, commerce, intellectual property and people

Legislation, Policy, and Regulation

2014—2017 Cyber Security Strategy (Ministry of Economic Affairs and Communication) The Cyber Security Strategy 2014-2017 is the basic document for planning Estonia's cyber security and a part of Estonia's broader security strategy. The strategy highlights important recent developments, assesses threats to Estonia's cyber security and presents measures to manage threats. This strategy continues the implementation of many of the goals found in the Cyber Security Strategy 2008-2013; however, new threats and needs which were not covered by the previous strategy have also been added

Cyber chief: Efforts to deter attacks against the U.S. are not working (Washington Post) The government's efforts to deter computer attacks against the United States are not working and it is time to consider boosting the military's cyber-offensive capability, the head of U.S. Cyber Command told Congress on Thursday

NSA Chief: US Needs Offensive Strategy to Deter Cyber Attacks (Reuters via the Voice of America) The United States needs to step up its offensive cyber capabilities, a top security official said on Thursday, warning that looming defense budget cuts could hurt efforts to bolster the nation's cyber military facilities and make the country more vulnerable

North Korea Internet outage was payback for Sony hack, U.S. official says (UPI) A U.S. official said the December Internet blackout in North Korea was a retaliatory strike after a data breach at Sony Pictures disrupted employee computers and disclosed confidential Sony information to the public

Dueling Bills Complicate U.S. Cyberdefense Efforts (Wall Street Journal) Dueling committees in the House of Representatives are drafting their own cybersecurity bills, reflecting a legislative turf war that has complicated political efforts to address the growing number of computer attacks, including some believed to originate in foreign countries

Senate Intelligence Committee Advances Terrible "̶C̶y̶b̶e̶r̶s̶e̶c̶u̶r̶i̶t̶y̶"̶ ̶B̶i̶l̶l̶ Surveillance Bill in Secret Session (Electronic Frontier Foundation) The Senate Intelligence Committee advanced a terrible cybersecurity bill called the Cybersecurity Information Sharing Act of 2015 (CISA) to the Senate floor last week. The new chair (and huge fan of transparency) Senator Richard Burr may have set a record as he kept the bill secret until Tuesday night. Unfortunately, the newest Senate Intelligence bill is one of the worst yet

Here's Why the NSA Won't Need Congress' Permission To Continue Spying (National Journal via Defense One) A passage buried in a recently declassified FISA court document paves the way for the NSA's bulk collection of U.S. phone data to continue beyond its June 1 expiration

Funding Cuts Pose Significant Risk to DoD Cyber Security (Seapower) The world is a complex, dynamic and uncertain place, and continued budget cuts from sequestration may pose drastic risks to the Department of Defense (DoD) cyber security abilities, service leaders told a Senate Armed Services Committee hearing March 19

FREAK: How government security worries got us into this mess (Inquirer) FREAK, the elderly OpenSSL problem that has set insecurity firms alight over the past couple of weeks, continues to make headlines, but why? What on earth caused this terrible mess?

Vickers to step down from DoD intell post (C4ISR & Networks) Under Secretary of Defense for Intelligence Dr. Michael Vickers will retire from federal service as of April 30, according to a Defense Department press release

Litigation, Investigation, and Law Enforcement

Target agrees to pay $10 million to settle data breach lawsuit (Naked Security) US retailing giant Target has proposed a settlement worth $10 million (about £6.7 million) in respect of a class-action lawsuit related to the massive data breach it experienced in 2013

Target settlement could make other hacked retailers liable (Christian Science Monitor) Target has agreed to pay $10 million to settle a class-action lawsuit stemming from a massive data breach that compromised the information of up to 40 million shoppers during the 2013 holiday season. Target will pay affected shoppers up to $10,000 each in damages

Cyber Attacks Upend Attorney-Client Privilege (Bloomberg) Security experts say law firms are perfect targets for hackers

To hackers, real estate agents are walking around with bull's-eye on their backs (Inman) Protect yourself and your business from the bad guys

US turns to rewards in hunt for overseas cyber criminals (AP via Yahoo! News) The FBI considers Evgeniy Bogachev one of the world's most prolific and brilliant cyber criminals, slapping his photos — bald, beefy-faced and smiling faintly — on "Wanted" fliers posted online. The Russian would be an ideal target for prosecution — if only the Justice Department could find him

Police need wider capability to tackle online crime, says London watchdog (ComputerWeekly) The Metropolitan Police should appoint a senior officer to ensure the whole force is prepared to tackle online crime, according to a London watchdog

Microsoft Using Big Data to Disrupt Big Cybercrime (Accounting Today) Cybersecurity is a CEO-level issue, stated David Finn, executive director of Microsoft Digital Crimes Unit, during his closing day keynote of the 2015 Microsoft Convergence Conference

iovation Helps Bust Cyberfraud Ring; Saves Insurer $3.5 Million (Consumer Electronics Net) Identifying Devices and IP Addresses Ultimately Leads to Stopping "Crash for Cash" Scheme

Bomber's Computer Contained Extremist Materials (AP via Forensic Magazine) Boston Marathon bomber Dzhokhar Tsarnaev had a variety of extremist materials on his computer, including an issue of the al-Qaida magazine Inspire with an article entitled "Make a Bomb in the Kitchen of Your Mom," an FBI agent testified Thursday

Individual Charged with Hacking NYPD Computers and FBI Database (Softpedia) Defendant logged into police computers remotely

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Proposer's Day Conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program (Washington, DC, area, April 16, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program, in anticipation of...

DaytonDefense Ohio Cyber Dialogue with Industry Conference (Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an...

BSides Las Vegas (Las Vegas, Nevada, USA, August 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is...

Upcoming Events

B-Sides Salt Lake City (Salt Lake City, Utah, USA, March 20 - 21, 2015) B-Sides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation

CarolinaCon-11 (Raleigh, North Carolina, USA, March 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions...

Cyber Security Conference 2015 (Bolton, UK, March 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North...

Fraud Summit Atlanta (Atlanta, Georgia, USA, March 24, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Atlanta event include...

CyberTech Israel 2015 (Tel Aviv, Israel, March 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems...

Global APT Defense Summit (Atlanta, Georgia, USA, March 25, 2015) This event will lay out a defense framework, which describes the appropriate phases, from establishing a resilient security baseline, through gathering threat intelligence, zero-day malware detection,...

2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, March 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Wednesday, March 25, 2015 at the University of Colorado Colorado...

28th Annual FISSEA Expo (Gaithersburg, Maryland, USA, March 25, 2015) This year's theme is "Changes, Challenges, and Collaborations: Effective Cybersecurity Training." Through numerous high quality sessions, over 100 attendees will learn new ways to improve their IT security...

Conference on Cyber Defence in Europe (Berlin, Germany, March 25 - 26, 2015) The conference aims to address these and other issues of cyber defense in a broad audience of policy-makers, senior officials and experts from EU institutions and Member States, representatives of industry...

CYBERWEST (Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic,...

Fraud Summit Dubai (Dubai, United Arab Emirates, March 26, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Dubai event include...

Women in Cyber Security (Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally.

Automotive Cyber Security Summit (Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...

Insider Threat Symposium & Expo (Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively...

Kansas City Secure World (Kansas City, Missouri, USA, April 1, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

Coast Guard Intelligence Industry Day (Chantilly, Virginia, USA, April 2, 2015) With a blended focus of defense, homeland security, law enforcement, criminal investigations, intelligence and cyber issues, Coast Guard Intelligence is aggressively looking to collaborate with partners...

Centers for Medicare and Medicaid Services (CMS) CISO Security & Privacy Forum (Woodlawn, Maryland, USA, April 7, 2015) The CISO Security & Privacy Forum is hosted by the Information Security Privacy Group (ISPG) at CMS. The Vision for ISPG is to provide leadership to CMS in managing information security and privacy risks...

10th Annual Cyber and Information Security Research Conference (Oak Ridge, Tennessee, USA, April 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are...

Cyber Threats Masterclass (Turin, Italy, April 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge...

InfoSec Southwest 2015 (Austin, Texas, USA, April 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter,...

Cybergamut Tech Tuesday: Tor and the Deep Dark Web (Elkridge, Maryland, USA, April 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...

NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...

Cyber Security Summit: Industrial Sector & Governments (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored...

Cyber Security Summit: Financial Services (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective...

INTERPOL World 2015 (Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from...

Mid-Atlantic ISSA Security Conference 2015 (Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current...

Symantec Government Symposium: Secure Government: Manage, Mitigate, Mobilize (Washington, DC, USA, April 15, 2015) The annual Symantec Government Symposium is a one-day event attracting 1,500 government IT security and management professionals. The event is designed to facilitate peer-to-peer dialogue on the challenges...

IIT Cyber Forensics and Security Conference and Expo (Wheaton, Illinois, USA, April 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes...

RSA Conference 2015 (San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015.

Australian Cyber Security Centre Conference (Canberra, Australia, April 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise.

Security Forum 2015 (Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives...

CyberTexas / CyberIOT (San Antonio, Texas, USA, April 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection...

Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, April 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence...

INTEROP Las Vegas (Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities,...
