skip navigation

More signal. Less noise.

Daily briefing.

Russian intelligence services again stand accused of snooping on European Commission negotiations concerning Ukrainian natural gas.

ISIS may be taking a beating on the battlefield, but that hasn't affected its information ops ("most successful terrorist brand ever," suggests CNN). Iraq's embassy warns South Africa to take the Caliphate's online recruiting seriously; the US FBI Director decries the terrorist group's campaign of incitement in cyberspace. ISIS spokesmen in Australia say they're "winning the minds of the young generation."

Trend Micro reports that MadAdsMedia advertising network has been compromised to serve up the Nuclear exploit kit in malvertising afflicting Internet users in Japan, Australia, and the United States.

Bloggers continue to recover from recently patched WordPress vulnerabilities.

A proof-of-concept rootkit hack of GPUs by unnamed researchers (Ars Technica calls them "pseudo-anonymous") may presage stealthier attacks in the wild.

Avast fixes its false alarm problem.

China responds to US cyber strategy. Germany's BND pulls back (somewhat) from cooperation with the US NSA.

This week's court decision in the US Second Circuit found, as Quartz puts it, bulk telephony surveillance "just illegal" ("forget unconstitutional"). There is, as a Washington Post op-ed notes, "much posturing" going on. The White House says it's considering how to work with Congress on reforms, but the Senate Majority Leader seems willing to double-down on surveillance despite the Second Circuit's ruling.

Observers of evolving US breach disclosure legislation think it will increase the glare of war. If so, get some sunglasses, Uncle Sam. (We think Marianne buys hers in Montpellier.)

Notes.

Today's issue includes events affecting Australia, Brazil, China, European Union, Germany, Iraq, Israel, Japan, Russia, South Africa, Syria, Ukraine, United Kingdom, United States.

We're filing from Jailbreak in Laurel, Maryland, USA today, whence we're also live tweeting about what's (as far as we know) the first ever cyber security "summit" to be held in a working production brewery. We'll have a full report on the proceedings Monday. In the meantime, follow @thecyberwire on Twitter (#JailbreakSummit) for notes, updates, and comments throughout the day.

Cyber Attacks, Threats, and Vulnerabilities

EU digital boss says he 'sure' Russia spied during Gazprom talks (Reuters via Yahoo! News) Spies regularly target the European Commission, the region's digital economy boss said on Thursday, specifically suggesting that Russia had listened in during negotiations last year over gas supplies to Ukraine

Online jihadist hails power of social media after Texas attack (Sydney Morning Herald) An Australian Twitter user and Islamic State supporter who appeared to encourage the terrorist attack on an anti-Islamic cartoon event in the US says his movement is "winning the minds of the young generation"

FBI director says Islamic State influence growing in U.S. (USA TODAY) In a dramatic assessment of the domestic threat posed by the Islamic State, FBI Director James Comey said Thursday there are "hundreds, maybe thousands" of people across the country who are receiving recruitment overtures from the terrorist group or directives to attack the U.S

Vulnerable Islamic State Still Winning Online Battle (Voice of America) Setbacks on the battlefield seem to be doing little to dent the success the Islamic State is having in the world of social media. And that's prompting a new outcry from U.S. lawmakers, who say Washington's online strategy is off-base

'ISIS Recruitment in SA Should be Taken Seriously' (Eyewitness News) The Iraqi Ambassador to South Africa says the younger generation needed to be educated about terror groups

ISIS: The most successful terrorist brand ever? (CNN) Like moths to a flame, a growing number of people around the world have been drawn to the terrorist organization ISIS

Ad Network Compromised, Users Victimized by Nuclear Exploit Kit (TrendLabs Security Intelligence Blog) MadAdsMedia, a US-based web advertising network, was compromised by cybercriminals to lead the visitors of sites that use their advertising platform to Adobe Flash exploits delivered by the Nuclear Exploit Kit. Up to 12,500 users per day may have been affected by this threat; three countries account for more than half of the hits: Japan, the United States, and Australia

JetPack and TwentyFifteen Vulnerable to DOM-based XSS (Sucuri Blog) Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons. So far, the JetPack plugin (reported to have over 1 million active installs) and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact count is difficult to grasp, but both the plugin and theme are default installs in millions of WordPress installs. The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package

GPU-based rootkit and keylogger offer superior stealth and computing power (Ars Technica) Proof-of-concept malware may pave the way for future in-the-wild attacks

CPL Malware in Brazil: somewhere between banking trojans and malicious emails (We Live Security) When we analyze the most prevalent threats in Latin America, we see the same malware families across the region. In Brazil, however, there is a different situation. Not only is Brazil one of the most populated countries in the world, but it is also one of the countries with the highest percentage of Internet users using online banking. That is why Brazil is the country where banking trojans are the number one threat

F*cking DLL! Avast false positive trashes Windows code libraries (Register) Avast there indeed, matey, wail admins as rogue guard dog savages their jugular

Deconstructing the 2014 Sally Beauty Breach (KrebsOnSecurity) This week, nationwide beauty products chain Sally Beauty disclosed that, for the second time in a year, it was investigating reports that hackers had broken into its networks and stolen customer credit card data. That investigation is ongoing, but I recently had an opportunity to interview a former Sally Beauty IT technician who provided a first-hand look at how the first breach in 2014 breach went down

Casino installs new POS equipment while investigating potential data breach (Help Net Security) A few days after Las Vegas' Hard Rock casino revealed that it has been hit by carders, another US casino has started an internal investigation aimed at finding out whether they've also been successfully targeted

EMC-owned Spanning sounds alarm over enterprise attitude to SaaS backups (ComputerWeekly) Enterprises are taking unnecessary business risks by mistakenly assuming their data will be automatically backed up when they use cloud-based services

Weak Homegrown Crypto Dooms Open Smart Grid Protocol (Threatpost) In the three years since its inception, the Open Smart Grid Protocol has found its way into more than four million smart meters and similar devices worldwide

If a hacker can turn traffic lights green, could a plane’s wifi open it to attack? (Irish Times) Smart cities are the future but all that interconnectivity means more opportunities for hackers to create havoc

Mind the Cyber Gap (CIO) Today there is much greater threat to the modern railway: cyber crime

Will the Internet of Things be more damaging to security policies than BYOD? (Information Age) Security must be tackled before this futuristic-sounding network comprising billions of smart digital devices truly hits the mainstream

Security Patches, Mitigations, and Software Updates

Cisco Patches Remote Code Execution Bugs in UCS Central (Threatpost) Cisco has patched a serious remote code execution vulnerability in its Unified Computing System (UCS) Central software, a data center platform that integrates processing, networking, storage and virtualization into one system

Google pumps out updates to security extension to patch vulnerabilities (SC Magazine) Persistent problems are plaguing the Google engineers who developed an anti-phishing extension for Chrome

Cyber Trends

More evidence that employee negligence is security risk No. 1 (GCN) What: The BakerHostetler Data Security Incident Response Report. Why: Thirty-six percent of data security incidents handled last year by the BakerHostetler law firm were due to employee negligence, making it the leading cause of security incidents. According to the firm's newly released report, other causes were outsider and insider theft, malware and phishing attacks

Infrastrukturen und Industrie im Kreuzfeuer (Security-Insider) SCADA-Systeme und Industrial Control Systems sind bedroht, diese Erkenntnis hat sich seit 2010 durchgesetzt. Stuxnet, Duqu und Flame haben bewiesen, dass sich Industrieanlagen durch Malware und Hackerangriffe manipulieren lassen. Aber wie ist der Bedrohung konkret zu begegnen?

Marketplace

Risk IT and services spending to reach $78.6 Billion in 2015 (Help Net Security) According to a new IDC Financial Insights forecast, worldwide risk information technologies and services (RITS) spending will reach $78.6 billion in 2015 and is expected to reach $96.3 billion by 2018 at a compound annual growth rate (CAGR) of 6.97% during the 2013-2018 forecast period

BlackBerry Completes WatchDox Acquisition (MarketWatch) Acquisition expands BlackBerry's enterprise portfolio to provide the most secure end-to-end mobile solution

App Annie Grows with Mobidia Acquisition (PYMNTS) The biggest mobile intelligence platform has gotten even bigger with the acquisition of a mobile measurement company

Antivirus vendor AVG buys VPN service provider Privax for up to $60M (FierceITSecurity) Reflecting the growing concern among companies about mobile security, antivirus software provider AVG has purchased Privax, a provider of virtual private network services for mobile devices and desktops, for up to $60 million

A Match Made In Heaven — Lockheed Martin Partners With Cybereason (Forbes) Cybereason is a cyber security company that was founded by ex-members of Israel's crack intelligence agency's cybersecurity unit 8200

Cybereason Raises $25M Because Corporate Security Is Broken (TechCrunch) As data breaches expose millions of U.S. health records and cyber attacks threaten to cause an accidental nuclear war, security tech is more relevant than ever

CyberArk: A Pure Cybersecurity Play (Seeking Alpha) There has been an explosion in the number of cybersecurity threats in recent years, leaving both governments and corporations vulnerable to data breaches that are both embarrassing and damaging

Security Software Stocks See Upward Trend (Market Realist) FireEye share prices have appreciated by &126;30% year-to-date

Why FireEye Stock Lost 6% on May 5, 2015 (Market Realist) After gaining more than 6%, FireEye shares tumble on May 5, 2015

US Navy Looks to Dump Lenovo Servers on Security Concerns — Report (Infosecurity Magazine) The US Navy is reportedly looking for a new server supplier for some of its guided missile cruisers and destroyers due to security concerns around Lenovo's recent purchase of IBM's x86 server division

UK is leading the way at the forefront of cyber security (IT Pro Portal) The RSA Conference has grown significantly in size and stature in recent years, fuelled by the news of seemingly endless security breaches and the real effects being felt by business leaders across the world. With such a laser-like focus on security issues, events such as RSA have become must-attend affairs for enterprises and public sector organisations alike

Products, Services, and Solutions

LightCyber Zeros in on Data Breaches With Increased Accuracy and Actionability (BusinessWire) New N2PA feature directly traces attack activity identified on the network to the source executable on the endpoint

Porter Novelli's PNProtect Cybersecurity Crisis Management Offering to Help Clients Predict, Prepare for, Manage and Recover from Digital Attacks (PRNewswire) Global public relations leader Porter Novelli (PN) announces the launch of PNProtect, a full-service cybersecurity offering to help clients predict, prepare for, identify, monitor, manage and recover from online threats and attacks. Powered by Rook Security, a best-in-class cybersecurity technology company, PNProtect addresses what is fast becoming the biggest dual threat to businesses: online attacks and the resulting reputation damage. Whether you're trying to predict your company's level of risk, deal with an active crisis or recover from a breach, PNProtect will help manage and mitigate the issues along the way

Red Lambda deploys artificial intelligence and peer-to-peer technology for cybersecurity (FierceFinanceIT) A Florida company is taking peer-to-peer and artificial intelligence technology originally developed through the University of Florida and National Science Foundation research and applying it to enterprise-level security

Security On-Demand® Launches New Cyber-Attack Detection Solution: ThreatWatch® 2.0 (PRNewswire) First managed security provider to provide behavioral analytics "as-a-service"

Classification and protection of unstructured data (Help Net Securiity) In this podcast recorded at RSA Conference 2015, Stephane Charbonneau, CTO of TITUS, talks about TITUS Classification Suite 4, a significant new release of its flagship data identification and information protection suite.

Technologies, Techniques, and Standards

Best Practices for Victim Response and Reporting of Cyber Incidents (US Department of Justice Cybersecurity Unit) Any Internet-connected organization can fall prey to a disruptive network intrusion or costly cyber attack. A quick, effective response to cyber incidents can prove critical to minimizing the resulting harm and expediting recovery. The best time to plan such a response is now, before an incident occurs

NIST prepping more cloud security control guidance to complement FedRAMP (FierceGovernmentIT) Forthcoming guidance NIST SP 800-174 will look at security control allocation, reference SP 800-53 controls

Rethinking & Repackaging iOS Apps: Part 2 (Bishop Fox) In the first part of our series, we looked at how to modify an iOS application binary by inserting load commands to inject custom dynamic libraries. In Part 2, we take this a step further by introducing a toolchain designed to make some of our favorite iOS application hacking tools available on non-jailbroken devices

How to make two binaries with the same MD5 hash (Nat McHugh) One question I was asked when I demo'd creating two PHP files with the same hash is; does it work on compiled binaries?

APTs: The fine balance of control and monitoring (Help Net Security) Security is not about winning the war. It is more like insurance, it's about how we handle risks. In order to successfully handle the risk of Advanced Persistent Threats (APTs) we need to focus on the high stake targets that we want to protect. The challenge, then, is to build a multi-layered security architecture with the right balance of control and monitoring technologies that can prevent any lower-impact threats from escalating into a full blown attack

Five reasons threat intelligence fails today, and how to overcome them (ChannelWorld) As cyber security threats have become increasingly sophisticated and pervasive, it's become impossible to identify and defend against every probable attack with traditional security budgets. That's where threat intelligence comes in. Effective use of threat intelligence is a way for businesses to pool their resources and overcome internal technical or resource limitations. Theoretically, it allows companies to "crowd source" security and stay one step ahead of malicious entities

Social Engineering Defenses: Reducing The Human Element (Dark Reading) Most security awareness advice is terrible, just plain bad, and not remotely feasible for your average user

Insiders — The Threat Right in Your Blind Spot (Information Security Buzz) While you're standing on the ramparts of your enterprise perimeter, scanning for bad guys, there may well be a threat right in your blind spot: Insiders. Maybe it's someone truly malicious

Don't just secure the network — secure the breach: three simple steps (GSN) As we've seen by recently reported hacks of healthcare networks, security breaches are becoming commonplace. Attacks on secure networks can come from internal or external sources. "Breach prevention" is no longer a workable strategy

Remediation is the Foundation of your Security Strategy! (LinkedIn) In many ways, this year's RSA conference was overwhelming. In other ways, it was a disappointment in how the market is providing solutions to mitigate our security risks. As several colleagues have pointed out, "remediation" is a huge gaps at 2015 RSA,

Who's Watching You? Video Surveillance-User Beware! (Willis Wire) I routinely find myself being called upon to provide advice regarding the various benefits and risks associated with the applications of video surveillance, particularly the possible exposures to property owners or other key stakeholders regarding its use

How to Win the Cloud Security Game by Balancing Risk with Agility (Trend Micro Simply Security) The cloud is changing the way organizations around the world do IT. Attracted by lower costs, improved efficiency, and faster development and deployment times for apps, users everywhere are migrating to this new computing model in droves, with or without the blessing of IT. Yet security is a top concern due to the loss of control of a physical infrastructure

Design and Innovation

What you really accept when you use How-Old.net (Trend Micro Countermeasures) Microsoft had an apparently unexpected hit on their hands with the unveiling of the "How Old Do I Look?" service at the Microsoft Build conference last week. By the weekend my Facebook feed was filling up with friends from all over the globe sharing the results of their own submissions to the service. For the three of you that haven't come across this viral hit recently, "How Old Do I Look" allows a user to upload a photo and will attempt to correctly guess the age of the subject of the picture, with the results ranging from the spectacularly awful to the incredibly accurate

Research and Development

Facebook Echo Chamber Isn't Facebook's Fault, Says Facebook (Wired) Does the Internet help facilitate an echo chamber? In an age where so much of the information that we see online is filtered through opaque algorithms, the fear is that we only get exposed to viewpoints with which we already agree. Behemoths like Facebook and Google show you new stuff based on what you've previously liked, the argument goes. And so we get stuck in a polarizing cycle that stifles discourse. We only see what we want to see

Academia

DMU joins forces with Airbus Group to protect critical national infrastructure from cyber attacks (DeMontfort University) De Montfort University Leicester (DMU) has launched a research programme with Airbus Group to develop a new digital forensic capability for the Supervisory Control and Data Acquisition (SCADA) industrial control systems that underpin the UK's critical national infrastructure

Legislation, Policy, and Regulation

China's draft national security law calls for cyberspace 'sovereignty' (Reuters) China has included cybersecurity in a draft national security law, the latest in a string of moves by Beijing to bolster the legal framework protecting the country's information technology

A Chinese Response to the Department of Defense?s New Cyber Strategy (Council on Foreign Relations: Net Politics) Last week, a Chinese Ministry of Defense spokesman condemned the Pentagon's new cybersecurity strategy. Geng Yansheng not only opposed the "groundless accusations" about Chinese cyber espionage contained in the strategy, but also suggested it "will further escalate tensions and trigger an arms race in cyberspace." Geng called on the United States to promote common security and mutual trust, rather than "seeking absolute security for itself"

German spies curb Internet snooping for U.S. after row — sources (Reuters) Germany has halted its Internet surveillance for the U.S. National Security Agency (NSA) in response to a row over the BND intelligence agency's cooperation with Washington, German intelligence sources said on Thursday

Germany Spies, U.S. Denies (BloombergView) Reports of German spying on European corporate targets at the behest of the U.S. have led to calls that Chancellor Angela Merkel was hypocritical for complaining about U.S. spying on Germany. Well, yes — but the hypocrisy of politicians hardly comes as a shock. What's more striking about the recent revelations is their targets — and what they say about U.S. government claims that it doesn't spy on behalf of private U.S. corporations

Senate GOP leader pushes for phone spying after court says it’s illegal (Ars Technica) "They're not running rogue out there," Sen. Mitch McConnell (R-Ky.) says of the NSA

Cybersecurity bill more likely to promote information overload than prevent cyberattacks (The Hill) A growing number of information security and hacking incidents emphasize the importance of improving U.S. cybersecurity practices. But many computer security experts are concerned that the Cybersecurity Information Sharing Act of 2015 (CISA) is unlikely to meaningfully prevent cyberattacks as supporters claim. Rather, it will provide another avenue for federal offices to extract private data without addressing our root cybersecurity vulnerabilities

Senators back Cyber Protection Team proposal, includes Rome Lab (Rome Sentinel) A New York and New Jersey Army National Guard proposal for a multi-state Cyber Protection Team that would include the Rome Air Force Research Laboratory is being backed by U.S. Senators Charles Schumer and Kirsten Gillibrand.

Researchers create searchable database of intelligence operators (Help Net Security) The researchers behind Transparency Toolkit, a venture whose goal is to develop source software to collect and analyze publicly available data on surveillance and human rights abuses, have released ICWATCH, a collection of 27,094 resumes of people working in the intelligence community

Litigation, Investigation, and Law Enforcement

Forget unconstitutional, America's mass surveillance program is just plain illegal (Quartz) A US federal appeals court — essentially, the second-highest in the land — has ruled that the bulk collection of US telephone records by the National Security Agency isn't permitted by laws passed after the 9/11 attacks to increase intelligence collection. You can read the entire decision here

American Civil Liberties Union et al. v. James R. Clapper et al. (United States Court of Appeals for the Second Circuit) Plaintiffs?appellants American Civil Liberties Union and American Civil Liberties Union Foundation, and New York Civil Liberties Union and New York Civil Liberties Union Foundation, appeal from a decision of the United States District Court for the Southern District of New York (William H. Pauley, III, Judge) granting defendants?appellees' motion to dismiss and denying plaintiffs?appellants' request for a preliminary injunction. The district court held that § 215 of the PATRIOT Act impliedly precludes judicial review; that plaintiffs?appellants' statutory claims regarding the scope of § 215 would in any event fail on the merits; and that § 215 does not violate the Fourth or First Amendments to the United States Constitution. We disagree in part, and hold that § 215 and the statutory scheme to which it relates do not preclude judicial review, and that the bulk telephone metadata program is not authorized by § 215. We therefore VACATE the judgment of the district court and REMAND for further proceedings consistent with this opinion

White House Evaluating New Court Ruling Declaring NSA Data-Collection Program Illegal (Dark Reading) Administration will continue to work with Congress to reform surveillance laws, NSC spokesman says

Posturing on the National Security Agency ruling (Washington Post) The Post reports: :A federal appeals court on Thursday ruled that the National Security Agency's collection of millions of Americans' phone records violates the Patriot Act, the first appeals court to weigh in on a controversial surveillance program that has divided Congress and ignited a national debate over the proper scope of the government's spy powers

If you have a Verizon phone, you may be able to sue the NSA (Fusion) Today, a federal appeals court ruled that the bulk phone metadata collection program run by the National Security Agency that was brought to light thanks to the leaks of former contractor Edward Snowden was illegal, and not covered by Section 215 of the Patriot Act. But the ruling went further than that; it said, essentially, that anyone whose data was collected as part of the program, called PRISM, may be allowed to sue the NSA for harvesting their data

Islamic State's mixed funding sources pose a challenge for US, int'l efforts to eradicate group (FierceHomelandSecurity) The Islamic State's varied sources of funding — from oil revenue to the sale of looted antiquities — are a challenge for U.S. and international efforts intended to weaken and destroy the terrorist group, according to the Congressional Research Service

Agenda: A smart response to keeping people safe from the threat of cybercrime (Herald Scotland) s the world around us changes, the threats we face as communities change

Five Ways IT Security Companies Help Cyberpolice (Forbes) One of the guiding principles of my company has always been to marry the business of selling IT security solutions with in-depth research of malware and cybercrime

DEF CON's "Spot the Fed" contest a sore spot for Feds (MuckRock) "Attendees… appear to pride themselves on their ability to spot federal law enforcement officers"

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Time for a Refresh: Technology & Policy in the Age of Innovation (East Palo Alto, California, USA, May 27, 2015) On May 27th, join technology leaders and innovators, along with industry and government experts, for a dynamic discussion around today's cyber challenges and key decisions to be made around the intersect...

Information Management Conference 2015 (Nashville, Tennessee, USA, June 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative...

ISSA CISO Forum: Third Party Oversight (Las Vegas, Nevada, USA, August 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by...

OWASP APPSECUSA (San Francisco, California, USA, September 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications

Upcoming Events

Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics...

DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event will contain conferences, workshops, and a challenge (CTF). Aiming to bring together security professionals, students, searcher, ethical hacker enthusiasts or simply technology...

NG Security Summit (San Antoino, Texas, USA, May 11 - 13, 2015) The NG Security Summit bringx together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges.

12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions...

MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon...

Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol...

Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which...

Michgan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout...

THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible...

International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.