skip navigation

More signal. Less noise.

Daily briefing.

ISIS continues its grotesque recruiting propaganda (some it seems to have run through Seattle).

The Israeli Defense Forces watch for signs of Hezbollah cyber capabilities and think they've spotted some.

Russia (whose intentions, SACEUR says in an evergreen remark, remain difficult to discern) apparently used an ad fraud botnet to goose approval for pro-Russian videos posted to DailyMotion.

Several new or at least evolved threats are reported in the wild. Crypt0L0cker (a Torrentlocker as opposed to a Cryptolocker variant: note the zeros in the name) is circulating in Europe, Asia, and Australia. Curiously, Crypt0L0cker seems coded to avoid devices in the US. An enhanced version of Dyre has gained some ability to evade commercial sandboxes. ESET announces discovery of Mumblehard, malware that exposes Linux and BSD systems to remote code execution. SANS reports a spam campaign distributing CTB-Locker (a.k.a. Critroni) ransomware. TROJ_WERDLOD, a new banking Trojan using techniques earlier seen in Operation Emmental, hits Japanese targets. And F-Secure provides an update on the CozyDuke espionage toolkit.

WordPress vulnerabilities remain under discussion, as do issues with D-Link and Trendnet Wi-Fi routers and Oracle's MySQL database.

Dropbox takes steps to block phishers from distributing Bartalex macro malware.

Revenant RawPOS point-of-sale malware appears in hotels and casinos on four continents. Other breaches affect retail customers of Harbortouch point-of-sale systems.

Barracuda patches firmware in its Web Filter appliances. Google introduces Password Alert, a Chrome extension designed to help users avoid exposing their passwords.

Airbus plans to file a criminal complaint over alleged BND snooping.


Today's issue includes events affecting Canada, China, Estonia, Iran, Iraq, Israel, Japan, Democratic Peoples Republic of Korea, Lebanon, Russia, Syria, Ukraine, United Kingdom, United States, and Yemen.

Cyber Attacks, Threats, and Vulnerabilities

Islamic State group film shows Yemen killings: SITE (Reuters) A new branch of the Islamic State group in Yemen on Thursday issued a video showing what it said was the beheading of four Yemeni soldiers and the shooting of 10 others, the SITE Intelligence group reported

Report: Islamic State recruiter based in Seattle (Seattlepi) Reports from the United Kingdom say a woman who was based in Seattle used social media to try to recruit young women to join the radical Islamic State

IDF's cyber defenders preparing for attacks by 'Lebanese opponent' (Jerusalem Post) Officers from the secretive Cyber Defense unit tell 'Post' about the daily need to stay one step ahead of sophisticated cyber enemies, who seek to target IDF networks

Malware campaign inflated views of pro-Russia videos (IDG via CSO) A botnet designed for Web advertising fraud was also used to nudge up the number of views of some pro-Russian videos on the website DailyMotion, according to security vendor Trustwave

Breedlove: Russia Intel Gaps 'Critical' (DefenseNews) NATO's top military commander warned of gaps in US intelligence gathering in Eastern Europe and its ability to understand Moscow's intent in the wake of Russian aggression

Crypt0L0cker ransomware avoids US computers (Help Net Security) Yet another piece of ransomware has surfaced, and this one has several interesting things about it: it expressly avoids targeting US users, and it has a hardcoded list of file types it avoids encrypting

Dyre Banking Trojan Jumps out of Sandbox (Threatpost) A number of unidentified commercial and freely available sandboxes fail to detect a new version of the Dyre banking Trojan, which was recently blamed for more than $1 million in losses to financial institutions and enterprises

Unboxing Linux/Mumblehard: Muttering spam from your servers (ESET) Linux/Mumblehard is a family of malware targeting servers running both the Linux and BSD operating systems. A Mumblehard infected server opens a backdoor for the cybercriminals that allows them full control of the system by running arbitrary code. It also has a general purpose-proxy and a module for sending spam messages

Dalexis/CTB-Locker malspam campaign (Internet Storm Center) Malicious spam (malspam) is by sent by botnets every day. These malspam campaigns send malware designed to infect Windows computers. I'll see Dridex or Upatre/Dyre campaigns a daily basis. Fortunately, most of these emails are blocked by our spam filters

TROJ_WERDLOD: New Banking Trojan Targets Japan (TrendLabs Security Intelligence Blog) A new online banking malware with the same technique used in Operation Emmental has been hitting users in Japan. Detected as TROJ_WERDLOD, this new malware has been causing problems in the country since December 2014 with more than 400 confirmed victims

F-Secure Study Links CozyDuke to High-Profile Espionage (Virtual Strategy Magazine) A new malware analysis from F-Secure Labs points to CozyDuke as a continuing menace facing governments and other large organizations. CozyDuke is an Advanced Persistent Threat (APT) toolkit that uses combinations of tactics and malware to compromise and steal information from its targets, and the new analysis links it to other APTs responsible for a number of high profile attacks

WordPress eCommerce Plugin Vulnerability Details Disclosed (Threatpost) Another round of WordPress vulnerability disclosures has taken place with details made public on a handful of unpatched bugs in the CartPress ecommerce plugin

Critical vulnerability in RealTek SDK breaks routers' security (Help Net Security) A critical vulnerability in version 1.3 of the RealTek software development kit (SDK) has opened hole in D-Link and Trendnet Wi-Fi routers — and possibly many others, as well — which can be exploited by attackers to execute arbitrary code on the devices

MySQL Bug Can Strip SSL Protection From Connections (Threatpost) Researchers have identified a serious vulnerability in some versions of Oracle's MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently

Unpatched, vulnerable PDF readers leave users open to attack (Help Net Security) Unpatched, vulnerable PDF readers are a big security issue for private PC users, according to Secunia

Dropbox strikes back against Bartalex macro malware phishers (V3) Dropbox has struck back against a hacker group using its cloud storage services to store and spread the Bartalex macro malware

RawPOS: Checking in at a Hotel Near You (TrendLabs Security Intelligence Blog) Casinos and resort hotels are the most recent victims of an attack that used RawPOS, an old POS malware, to steal customer data. The victims include establishments in the United States, Canada, Europe, Middle East, and Latin America

Harbortouch is Latest POS Vendor Breach (KrebsOnSecurity) Last week, Allentown, Pa. based point-of-sale (POS) maker Harbortouch disclosed that a breach involving "a small number" of its restaurant and bar customers were impacted by malicious software that allowed thieves to siphon customer card data from affected merchants. KrebsOnSecurity has recently heard from a major U.S. card issuer that says the company is radically downplaying the scope of the breach, and that the compromise appears to have impacted more than 4,200 Harbortouch customers nationwide

Facebook says sorry after bug hid posts, blocked links and led to security warnings (Naked Security) Facebook has apologised after a bug caused major problems for users yesterday as existing posts disappeared, new links were blocked from being posted, and others wouldn't allow for an image to be posted alongside the link

Colleges in a cyber war with hackers; open networks vulnerable to attacks ( The cyberattack that crippled Rutgers University for the past three days was part of a string of attacks that attempt to exploit weaknesses that are unique to the way colleges operate

VA reaching breaking point as malware attacks rise (Federal Times) The Department of Veterans Affairs has seen a dramatic uptick in cyberattacks recently, fending off almost 1.2 billion attempts to put malware on its networks in March alone — a trend that has agency cybersecurity officials worried

FireEye's Kevin Mandia Talks About the World After the Sony Hack (Full Video) (Re/code) It's often said there are two kinds of companies: Those that have been attacked by hackers and those that don't yet know they have been attacked by hackers

Security Patches, Mitigations, and Software Updates

Barracuda fixes critical MITM flaws in its Web Filter (Help Net Security) Barracuda Networks has issued a security update that patches critical flaws in the firmware of its Web Filter appliances, which could lead to an attacker successfully performing a man-in-the-middle (MITM) attack without the client knowing it

Chrome extension protects your Google account from phishers (Help Net Security) Google developers have created Password Alert, an open source Chrome extension that aims to prevent users from entering their Google password in a phishing site or, alternatively, alert them when they did so and urge them to change their password

Windows Server 2003: No Support, No Security? (eSecurity Planet) What are your options, if any, for mitigating security risks of continuing to run Windows Server 2003 after Microsoft ends extended support in July?

Cyber Trends

Google's Urs Hoelzle: Cloud Will Soon Be More Secure (InformationWeek) Google's chief data center architect, Urs Hoelzle, says cloud security will improve faster than enterprise security in the next few years

The Shape of Cyberthreats to Come: Rodney Joffe Speaks on 2015 (Neustar Blog) 2014 was a year rife with news of large-scale security breaches of high-profile, global organizations. JPMorgan, eBay, Home Depot, the European Central Bank, and the U.S. Postal Service all appeared in headlines as targets of cyberattack

Three Quarters of U.S. Execs Say a Cyber Attack Could Seriously Disrupt Business (eSecurity Planet) And 59 percent said a breach of one company's network can lead directly to attacks on different networks in connected sectors of the economy

Expecting to Get Hacked? A Strategy to Turn the Tide (Infosec Island) In a sign of times, Dark Reading published an article "Most Companies Expect to Be Hacked in the Next 12 Months", which describes the results of a survey of enterprise security professionals. This survey is another data point in the trend of rising disillusionment and defeatism in security that is worth noting, but more importantly, addressing it head on by changing the way security operations does its business and the underlying security technology base it uses

Dan Geer Keynote: Data and Open Source Security (Recorded Future) Security. What is security? Dan Geer defined it best. Keynoting at the Recorded Future User Network (RFUN) Conference in Washington, D.C. Geer said

Lack of Solutions to Solve Security Issues at RSA (Information Security Buzz) Patrick Peterson, CEO & Founder, Agari, attended the recent RSA conference and has shared the following comments

Cyber attack peril for governments as they drown in Big Data (Computer Business Review) Cyber attack peril for governments as they drown in Big Data


Revealed: The anti-virus vendor cheating in independent tests (Graham Cluley) Chinese anti-virus vendor Qihoo 360 has been stripped of all of the certifications awarded to it this year by the three leading anti-malware testing agencies, after being found to have broken the rules

Hackers in China tired of getting no love, try to rebrand (Want China Times) Despite increasing recognition within the industry, Chinese hackers have been unable to shake their bad reputation, according to Beijing's Economic Observer

Cyber insurance scepticism leaves firms open to impact of attacks (ComputerWeekly) Distrust of insurers is leaving businesses vulnerable to the effects of cyber attacks, a KPMG survey has revealed

IT security and compliance: Get leadership on board to find balance (TechTarget) At an RSA Conference 2015 session, finance information security officer Steve Winterfeld explained why having complementary IT security and compliance strategies requires leadership buy-in and cooperation

ThreatQuotient Raises $1.5Mn in Seed Money (Infosecurity Magazine) Investment is still pouring into the security startup space. The latest is the news that ThreatQuotient has raised $1.5 million in a seed round of funding, illustrating just how hot the threat intelligence field is right now

Anonymous sharing app Secret shuts down (Naked Security) The anonymous sharing app Secret is zipping its lip for good

Defense Intelligence Agency Awards Leidos $25 Million Task Order (PRNewswire) Solutions company to provide all-source analysis

SRA Awarded Prime Position on INSCOM GISS Contract (IT Business Net) SRA International, Inc., a leading provider of IT solutions and professional services to government organizations was awarded a prime position on the Global Intelligence Support Services (GISS) contract administered by the United States Army Intelligence and Security Command (INSCOM)

Wolfram bros seek code slinger posse for IBM and Google round-up (Register) Come in Google, your time is up. Watson, we're watching you

FBI launches massive manhunt for cybersecurity hires (FierceCIO) Yesterday marked the start of a massive cybersecurity hiring spree for the FBI. The bureau released a synopsis on a contract opportunity for subject matter experts (SMEs) in the cybersecurity arena, valued at a minimum of $10 million and maximum of $100 million

The future of security is in the hands of the youth (Techspective) When it comes to high tech security stuff it is no longer the aged, serious looking computer scientists that hold hope for the future. The next generation of security actually rests on the delicate young shoulders of Millennials and beyond according to Juniper CTO Chris Hoff.

Boston Red Sox VP Of IT: Invest In Your Farm Team (InformationWeek) Brian Shield, the vice president of IT for the Red Sox, thinks IT departments and CIOs can learn how to solve hiring problems by learning from how baseball teams recruit

ThreatStream Honored as Gold Winner, Best Overall Security Company of the Year, by the Info Security Products Guide's 11th Annual Global Excellence Awards (IT Business Net) ThreatStream (@threatstream), the leading provider of an enterprise-class threat intelligence platform, today announced that Info Security Products Guide, the industry's leading information security research and advisory guide, has named ThreatStream its Gold winner in the category of Best Overall Security Company of the Year

Booz Allen Hamilton Names Vice President Gary Voellger to Chief Ethics Position (Stockhouse) Global strategy and technology consulting firm Booz Allen Hamilton (NYSE: BAH) today announced the appointment of Gary Voellger as Chief Ethics and Compliance Officer

Products, Services, and Solutions

iSIGHT Partners joins Tripwire Adaptive Threat Protection program (GSN) Tripwire, Inc., a global provider of advanced threat, security and compliance solutions, has announced that iSIGHT Partners, Inc., a provider of cyber threat intelligence for global enterprises, has joined its Adaptive Threat Protection program

MegaCryption Incorporates Format-Preserving Encryption for Added Security (PRWeb) MegaCryption, the cryptographic toolkit from ASPG, now includes format-preserving encryption

Startup HydrantID launches subscription model for buying SSL certificates (IDG via CSO) Startup HydrantID launches subscription model for buying SSL certificates

Cytegic Launches Automated Product for Cyber Insurance Industry (Insurance Weekly News) Cytegic, a developer of cybersecurity management and intelligence solutions, announced a new product offering specifically developed for the insurance industry

ControlCase Announces Breakthrough Developments in Card Data Discovery Scanning (Sys-Con Media) ControlCase offers an agentless data discovery tool which allows scanning for different types of data, produces scalable results and eliminates false positives

Technologies, Techniques, and Standards

Three Essential Security Practices that an Organization Must Adopt to Avoid IT Security Breaches (Information Security Buzz) If you have to choose three essential security practices that an organization must adopt to avoid IT security breaches, what will you choose and why?

The Importance of Cyber Hygiene in Cyberspace (Infosec Institute) The drastic increase in the frequency of cyber attacks on financial systems, the healthcare industry and large and small scale industries have raised concerns about security at every level of an organization

Enterprises overlook legal issues in breach preparedness (CSO) Companies preparing for security incidents overlook the legal aspects

Law Firm Data Security: Experts on How to Protect Legal Clients' Confidential Data (Digital Guardian) For companies that provide services to clients, data security is always an important part of business. With lawyers and law firms, however, who are constantly entrusted with highly sensitive information about their clients as a course of business, the need for effective data security is of even more critical importance

Breaking The Security Fail Cycle (Dark Reading) How security teams are evolving in the face of today's threats

Malware Analysis Basics: Static Analysis (Infosec Institute) Starting here, I would like to share the results of my recent research into malware analysis. We will begin with some basics and proceed to advanced levels. In this first installment, we will discuss the techniques involved in static analysis of malware. I will also include some files for illustrative purposes in this document

Design and Innovation

Yahoo develops cheap, effective biometric smartphone authentication (Help Net Security) A group of Yahoo researchers have demonstrated that apart from fingerprints, other parts of the human body, such as ears, fists, palms and fingers, can also be successfully used to authenticate users to their mobile phones

Research and Development

Perspecsys Picks Up A Key Patent (TalkinCloud) Security broker launches new Cloud Control capabilities within its AppProtext platform

IBM Sets Quantum Computing Milestone (InformationWeek) IBM sees the future of quantum computing as having a major impact in the life sciences and chemistry fields

Legislation, Policy, and Regulation

Estonia recruits volunteer army of 'cyber warriors' (Telegraph) General Jonathan Shaw, head of Britain's Defence Cyber Security Programme from 2011 until 2012, says UK should follow Estonia's example

U.S.-Japan pact bolsters ties in cyber, space and ISR (Defense Systems) While the United States and Japan have enjoyed a strong post-World War II relationship, the two nations deepened their ties this week, signing on to both a military agreement and a similar diplomatic agreement that, among other economic and defensive parameters, call for greater cooperation in space, cyber and intelligence, surveillance and reconnaissance (ISR)

China says worried by new U.S. cyber strategy (Reuters via Yahoo!News) China's Defence Ministry expressed concern on Thursday at the Pentagon's updated cyber strategy that stresses the U.S. military's ability to retaliate with cyber weapons, saying this would only worsen tension over Internet security

Newly Disclosed US Cyber-Terrorism Strategy: Attacking To Defend (The Source) After receiving a copy of the new strategy unveiled by the Department of Defesne, Reuters reports that the Pentagon will be actively using cyber-attacks to defend against foreign threats

House reaches deal on bill to end NSA phone collection (AP via ConnectMidMissouri) House leaders have reached a bipartisan compromise on a bill that would end the National Security Agency's controversial collection of American phone records, but the measure faces an uncertain future in the Senate

Patriot Act faces revisions backed by both parties (New York Times via the Houston Chronicle) After more than a decade of wrenching national debate over the intrusiveness of government intelligence agencies, a bipartisan wave of support has gathered to sharply limit the federal government's sweeps of phone and Internet records

Beware the privacy and security risks of the Internet of Things (IT Business) The Internet of Things (IoT) may offer vast improvements in convenience and efficiency, but how secure is it, and do we need to protect ourselves from it?

CSIRT Basics for Policy-Makers (GPPI and New America Foundation) In this paper, we examine the history, types, and culture of Computer Security Incident Response Teams (CSIRTs). Some CSIRT practitioners and policymakers have differing views of what a national CSIRT should be, how it should operate, where it should be situated, and how it should relate to the rest of the computer security incident response network within its country. This brief is intended to provide a short history and overview of the culture of CSIRTs in order to help build a common understanding before examining some of the critical issues in greater depth in the subsequent publications

State CIOs say information sharing — with private sector and public — is key to cybersecurity (FierceITSecurity) State tech executives, private sector partners and other state and federal government and military officials gathered here this week to develop a list of recommendations for their peers when using cyber analytics and preventing cyberattacks

RSA president questions government's role in cybersecurity (IDG News Service via PCWorld) The president of one of the world's biggest computer security vendors says he is skeptical that a stronger government role in cyberdefense will abate the growing number of attacks

Congress, Crypto, and Craziness (Threatpost) Crazy is never in short supply in Washington. Through lean times and boom times, regardless of who is in the White House or which party controls the Congress, the one resource that's reliably renewable is nuttery

Irate Congressman gives cops easy rule: "just follow the damn Constitution" (Ars Technica) Rep. Ted Lieu lambasts gov't request for more access to encrypted devices

InfoSec pros reject DHS criticisms of encryption (CSO) InfoSec pros strongly opposed to a plea to rethink encryption by the DHS

ODNI Releases Second Annual Statistical Transparency Report Regarding Use of National Security Authorities (IC on the Record) In June 2013, President Obama directed the Intelligence Community to declassify and make public as much information as possible about certain sensitive U.S. government surveillance programs while protecting sensitive classified intelligence and national security information

The Department of Justice Releases Inspectors General Reports Concerning Collection Activities Authorized by President George W. Bush After the Attacks of September 11, 2001 (IC on the Record) On December 21, 2013, the Director of National Intelligence declassified the existence of surveillance activities originally authorized by President George W. Bush shortly after the terrorist attacks of September 11, 2001

Litigation, Investigation, and Law Enforcement

Airbus to sue over US-German spying row (BBC) Aviation giant Airbus says it will file a criminal complaint over allegations that German intelligence helped the US carry out industrial espionage

Police still 'ill-equipped' to deal with cyber-crime (SC Magazine) Police are still playing catch-up with cyber-crime, and are particularly struggling with poor reporting, a lack of data and the InfoSec skills shortage, said Ian Maxted, safer cyber coordinator at the Gloucestershire Constabulary, at 44CON in London yesterday

Headline: Silk Road Judge Denies Retrial Despite Agents? Alleged Corruption (Wired) Just two months after Ross Ulbricht was convicted of running the billion-dollar online black market for drugs known as the Silk Road, he was offered what looked like a slim new hope of a retrial

The Rise and Fall of Silk Road (Wired) How a 29-year-old idealist built a global drug bazaar and became a murderous kingpin

What We Can Learn from the Adobe Class Action Lawsuit (Trend Micro: Simply Security) This week, Adobe announced a settlement of a class action lawsuit that was filed against them as a result of a 2013 data breach. This followed a 2014 finding that Adobe's conduct was a contributing factor to the damages sustained by the plaintiff; namely representatives of some of the three million credit or debit card holders

FBI arrests JP Morgan Chase former employee for selling account data (Naked Security) A former employee of JP Morgan Chase, the largest bank in the US, has been arrested by the FBI after a sting operation which resulted in several sets of bank account data including PINs being sold to informants and federal agents

Woman arrested after hijacking PCs, showing hardcore porn to victims (Naked Security) Royal Canadian Mounted Police on Wednesday arrested a 27-year-old woman who allegedly installed malware on people's computers

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service...

Upcoming Events

INTEROP Las Vegas (Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities,...

WAHCKon Perth 2015 (Perth, Western Australia, Australia, May 2 - 3, 2015) WAHCKon is a Perth based hacker conference that launched in 2013. We cover a wide range of topics focusing on Information security and Hacker subculture as well as locksports, activism and related areas...

Cloud Security Alliance Federal Summit (Washington, DC, USA, May 5, 2015) The Cloud Security Alliance Federal Summit, is a one day free-for-government event taking place at the Ronald Reagan Building and International Trade Center and is expected to draw 250 information security...

Amsterdam 2015 FIRST Technical Colloquium (Amsterdam, the Netherlands, May 5 - 6, 2015) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the...

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...

DaytonDefense Ohio Cyber Dialogue with Industry Conference (Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an...

Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South bank neighborhood of Southwork, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...

Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include...

Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics...

DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event will contain conferences, workshops, and a challenge (CTF). Aiming to bring together security professionals, students, searcher, ethical hacker enthusiasts or simply technology...

12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions...

NG Security Summit (San Antoino, Texas, USA, May 11 - 13, 2015) The NG Security Summit bringx together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges.

Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol...

MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon...

Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which...

Michgan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout...

THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible...

International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY.

FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals...

IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers...

Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include...

NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science...

3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking...

AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence...

SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's...

7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety...

HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature a new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting...

1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate...

Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises...

Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.