More signal. Less noise.

Daily briefing.

The guttering information and cyber conflict surrounding ISIS continues. The Washington Post offers an account of how the US State Department attempted to take a page from the ISIS information operations playbook, with indifferent success. And an apparent Saudi hacktivist succeeds in defacing the website of Iran's Ministry of Defense.

Hacktivists in Sweden, associating themselves with Anonymous, take down various neo-Nazi sites with connections to Sweden (thereby coming in on the Allied side on the seventieth V-E Day).

Another largely negative review of the Open Smart Grid Protocol (OSGP) appears, reiterating the conclusions of earlier discussions: home-brew crypto is probably not a particularly good idea. It's especially questionable, perhaps, in an area that touches particularly sensitive parts of the Internet-of-things.

The US Government raises concerns about the vulnerability of hedge funds to cyber attack. The funds, regulators think, may constitute a soft underbelly of the financial sector as a whole.

Attempts to quantify breach losses continue as various sectors grope towards cyber risk actuarial data.

The US Commerce Department this week undertakes a major cyber security trade mission to Eastern Europe, with the initial focal points being Romania and Poland.

Tory victory in the UK elections is expected to have significant ramifications for both surveillance policy and support of security start-ups — observers expect a strengthening of both.

As the US expresses concerns to China over the "Great Cannon," Russia and China conclude an agreement in which the two powers agree to forgo cyber operations against one another. (Observers are skeptical.)

Notes.

Today's issue includes events affecting China, European Union, India, Iran, Iraq, Poland, Romania, Russia, Saudi Arabia, Sweden, Syria, Taiwan, United Kingdom, United States.

Dateline Jailbreak Security Summit

Apple Security Talks & Craft Beer: A New Kind of Technology Event (Jailbreak Brewing Company) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics at the first computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors

Practical iOS App Security (Totem Training) Had a great time presenting at this year's security summit focused on Mac OS X and iOS at Jailbreak Brewing Co. Here's the slides and demos from my talk

Cyber Attacks, Threats, and Vulnerabilities

In a propaganda war against ISIS, the U.S. tried to play by the enemy's rules (Washington Post) As fighters surged into Syria last summer, a video surfaced online with the grisly imagery and sneering tone of a propaganda release from the Islamic State

Iran Ministry Of Defense Website Hacked By Saudi Hacker (HackRead) Saudi Arabia along with its allies is fighting a war in Yemen while their hackers are fighting an online war against Iran, accusing the country of supporting Houthi forces

Anonymous Knocks Pro-Nazi Websites Offline with DDoS Attacks (FreedomHacker) Anonymous hackers decided to commemorate the 70th anniversary of the defeat of Nazi forces in 1945, by Anonymous Sweden deciding to knock pro-Nazi websites offline in motion of the 70 year old victory

So, the NSA Has an Actual Skynet Program (Wired) We've suspected it all along — that Skynet, the massive program that brings about world destruction in the Terminator movies, was just a fictionalization of a real program in the hands of the US government. And now it's confirmed — at least in name

Flawed encryption leaves millions of smart grid devices at risk of cyberattacks (ZDNet) The first rule of crypto club? "Don't invent your own"

PHP Hash Comparison Weakness A Threat To Websites, Researcher Says (Dark Reading) Flaw could allow attackers to compromise user accounts, WhiteHat Security's Robert Hansen — aka "RSnake" — says in new finding on 'Magic Hash' vulnerability

WordPress Sites Backdoored, Leaking Credentials (Threatpost) WordPress site administrators just cannot come up for air

Seemingly Legit Resume Actually Contains Crypto-Malware (HackRead) The malicious email, targeted at a company's resume screening department, is equipped with file encryption capabilities

Malicious Word Document: This Time The Maldoc Is A MIME File (Internet Storm Center) Bart Blaze Tweeted me a malicious Word document sample (MD5 23a2d596d927ceab01918cc1dfd5db68) that can not be analyzed with my oledump tool. It turns out to be a MIME file that contains a MSO file, that in turn contains an OLE file. We've seen MSO files containing OLE files when we talked about XML Office documents. I've updated my oledump tool (V0.0.15) to handle MSO files directly

The impact of Rombertik (Blue Coat Labs) This week, researchers from Cisco wrote a blog post detailing a new malware they named Rombertik. This malware contains a lot of obfuscation and may also trigger a destructive routine, which will overwrite data — typically the master boot record (MBR) on the hard disk. This destruction is quoted to happen if the malware detects that it runs inside a virtual machine. Rombertik also contains several tricks to achieve this and also a few tricks assumed to hamper the detection of the malware inside malware sandboxes

GPU-based malware is real, say developers of PoC rootkit and keylogger (Help Net Security) Two yet unfinished coding projects by a group of developers that call themselves Team Jellyfish have received unexpected attention due to an Ars Technica article published on Thursday

US Based Company Lost $3.8 Million Stolen Due To Cyberattack (HackRead) Due to a cyberattack an Alaska Native Corporation had to bear the loss of $3.8 million which the firm was transferring to a Hong Kong based bank account last month

Spear Phishing Campaign Targets Government Office in Taiwan (Softpedia) Workers at a government office in Taiwan have received emails carrying a backdoor that extracts system identifying information and delivers it to a remote server

Breaking Bad ransomware (Graham Cluley) Sometimes malware authors leave clues in their code which might reveal something about themselves

Visitors to top adult sites hit by malvertising attack (IDG via ComputerWorld) A malicious advertisement posted through an ad network contained a Flash Player exploit

US Secret Service Alerts InterContinental Hotel Group of Data Breach (Softpedia) Cities Service received a notification from the InterContinental Hotel Group (IHG) it is part of, regarding a possible compromise of its payment processing systems at its Holiday Inn Express & Suites hotel in Sulphur, Louisiana

Company posts ad looking for Windows support scammers (Naked Security) Why you work here in Technical Department for Windows?

60 Days of Watching Hackers Attack Elasticsearch (Jordan-Wright Security and Programming Blog) Two months ago, one of my DigitalOcean instances started attacking another host with massive amounts of bogus traffic. I was notified by the abuse team at DO that my VPS was participating in a DDoS attack. I managed to track down that the attackers leveraged an RCE vulnerability in Elasticsearch to automatically download and run malware

Criminals attempt 25 million payments and logins a month (CSO) About 25 million of the 1 billion transactions analyzed each month by ThreatMetrix are fraudulent

Who's Scanning Your Network? (A: Everyone) (KrebsOnSecurity) Not long ago I heard from a reader who wanted advice on how to stop someone from scanning his home network, or at least recommendations about to whom he should report the person doing the scanning. I couldn't believe that people actually still cared about scanning, and I told him as much: These days there are countless entities — some benign and research-oriented, and some less benign — that are continuously mapping and cataloging virtually every device that's put online

US government warns hedge funds pose cyber risk (Financial Times) Hedge funds are a weak link in the US financial system's defences against hackers and terrorists, the Obama administration has warned the industry

Senators Raise Questions About Security Vulnerabilities Within the Thrift Savings Plan (FedSmith) Senators Tom Carper (D-DE) and Ron Johnson (R-WI) sent a letter late last week to the chairman of the Federal Retirement Thrift Investment Board (FRTIB), the outfit that runs the Thrift Savings Plan, expressing concerns about potential cybersecurity vulnerabilities within the TSP

It's Not The Hackers You're Thinking Of in 2015 (Dark Matters) On Sunday, April 26, 2015, I was reviewing a bazillion emails coming to me via groups I engage on LinkedIn. One that caught my eye had a bi-line of "Why is there not more emphasis on getting the word out to the public on how individuals can protect…" and my first thought was "Really? Seriously"

Bulletin (SB15-131) Vulnerability Summary for the Week of May 04, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Security Patches, Mitigations, and Software Updates

Microsoft nixes ActiveX add-on technology in new Edge browser (Computerworld) IE11 support will continue for enterprises — which rely on ActiveX — but don't expect that to outlast Windows 7

Lenovo uses System Update to patch serious System Update security hole (Naked Security) Laptop megabrand Lenovo was all over the news recently thanks to a preinstalled utility called Superfish

Cyber Trends

Economic Impact from a Company's Data Breach — No Big Deal? Not So Fast! (JDSupra) Recent data breaches have prompted worries about economic damage to the infiltrated companies. Analyses in fact show minimal effects on stock prices or revenues of the hacked companies. But that may be only temporary comfort as commentators urge a longer-term view

Health data breaches: Why size doesn't matter (Government Health IT) Big breaches make for big news: Anthem, Heartland Payment Systems, Sony, Target, to name just a few. The causes of these big breaches are numerous: big data and information integration provide a larger attack surface, and criminals are becoming more adept at acquiring and exploiting personal information

Utility, security experts warn of mounting threat to grid (Capital) The methods that have been used to attack U.S. power grids have been as rudimentary as firing rifles at substations, and as sophisticated as a computer virus designed to shutter power plants across entire regions

How should we regulate the Internet of Things? (The Week) There seems to be a lack of public appreciation of the extent to which the Internet of Things is going to fundamentally change how people interact with the world around them

Lack of joined up thinking undermining IoT security (MicroScope) The only reason that there has not been a major IoT security breach is because the technology is not yet widely deployed but as interest in the technology grows so do the fears that more vulnerabilities will emerge

The Internet of things doesn't — and shouldn't — exist (InfoWorld) An open, fully connected environment is impossible and dangerous, which is why IoT is really a collection of separate networks

To what extent companies digitally track our daily lives? (Help Net Security) Do you know how digitally collected information uncovers things about you which you would rather remained private? We're already living in the age of Big Data, and are on the very cusp of the age of the Internet of Things — will this lead to complete and ubiquitous surveillance?

The new perimeter and the rise of IDaaS (GCN Cybereye) Identity management has been a major focus in security for a long time, and in government that stretches at least as far back as the implementation of HSPD-12 in 2005. The Obama administration ratcheted the effort even higher in 2012 when it released the National Strategy for Trusted Identities in Cyberspace (NSTIC)

Agency CIOs Need to be Aware of the Dangers of Consumer Tech (Nextgov) We've all heard about the benefits of consumerized IT for large organizations. Consumer technology is more innovative and faster moving than its enterprise counterpart. Just look at Apple, Google or Facebook and compare them to IBM, Oracle or SAP

Mobile malware statistics highlight unknown state of mobile threats (TechTarget) Contradicting mobile malware statistics published this year prove the mobile malware debate is alive and well

Survey shows most data breaches don't happen online (Ventura County Star) Most data breaches that occurred last year originated with a brick-and-mortar store or financial institution, according to a recent Consumer Reports survey of more than 3,000 American adults

Marketplace

US leads 20 groups on cyber security mission (Financial Times) A top US Department of Commerce official is leading a cyber security trade mission to Romania and Poland this week to discuss ways to bolster defences against a common threat of cyber attacks emanating from Russia and elsewhere in eastern Europe

Bruce Andrews, Deputy Secretary of the U.S. Department of Commerce: Romania Holds Opportunity for U.S. Cybersecurity Companies (Nine O'Clock) 20 American companies ready to do business during U.S. Commerce Department Trade Mission

Tea to tech: China's cybersecurity push sparks a 'gold rush' (Asia One) Zhang Long made his fortune selling Pu'er fermented tea and handcrafted furniture from the mountains of his native Yunnan Province in southwest China

Top Morgan Stanley banker says foreign governments are trying to hack Wall Street (Business Insider) One of Morgan Stanley's top bankers says that a growing portion of Wall Street firms' budgets will need to be dedicated to thwarting hackers

Why It's Not Too Late To Buy FireEye Inc. (Motley Fool) Shares of cyber security vendor FireEye (NASDAQ: FEYE) have risen significantly since last October, and are now up more than 50%. Demand for FireEye's services remains intense, and the company's recent earnings reports have exceeded expectations

The KEYW Holding Corporation (KEYW — $8.71) Lower Price Target (FBR Capital) Delivers soft March results, lowers outlook — maintain market perform

Constellis, Olive Group to Merge in Security Business Strategy (GovConWire) Constellis Group has agreed to merge with Olive Group in a bid to grow both companies' risk management, security and managed support service offerings in the global commercial market

Northrop Grumman and bwtech@UMBC Graduate Fifth Cyber Startup from Cync Incubator Program (IT Business Net) DB Networks graduates; OptioLabs accepted; Unique Cync partnership nurtures innovation to combat rapidly evolving cyber threat

BlackBag Receives In-Q-Tel Investment for Digital Forensics Software (ExecutiveBiz) In-Q-Tel — the CIA's venture capital arm — has made an investment in BlackBag Technologies to help the San Jose, California-based company further develop its digital forensic analysis platform for use in U.S. intelligence mission

DHS picks Booz Allen Hamilton for cyber contract (C4ISR & Networks) Booz Allen Hamilton has been awarded a $39 million DHS cybersecurity contract. The award, for DHS's Continuous Diagnostics and Mitigation (CDM) program, will provide tools and sensors. It was awarded under the $6 billion General Services Administration's Continuous Monitoring as a Service (CMaaS) contract. It will support four functional areas: Hardware Asset Management, Software Asset Management, Configuration Management, and Vulnerability Management

Fortinet Wins "Best Places to Work" Award From Silicon Valley Business Journal and San Francisco Business Times (Marketwired) Employee survey validates Fortinet's commitment to employee success, career development and a healthy work environment as the company continues to thrive

Is Marc Benioff becoming Microsoft's new CEO? (LinkedIn) I loved Microsoft (MSFT) — it was a huge part of my previous business — hundreds of millions of dollars. But today I find it embarrassing to see a company's 30,000 engineers releasing a new Windows version that has only changes but zero improvements, then releasing a Windows server version that most top engineers actually roll back to the previous version because Microsoft failed to make it easier to use — not more complicated

Don Maclean Joins DLT as Chief Cybersecurity Technologist (GovConWire) Don Maclean, a more than 20-year government information technology security veteran, has been named chief cybersecurity technologist at DLT Solutions

Products, Services, and Solutions

What 700 TB of cyber threat data can do for you (GCN) The value of cyber threat intelligence increases as it's shared

The USBKILL anti-forensics tool — it doesn't do *quite* what it says on the tin (Naked Security) A hacker who very modestly goes by the handle Hephaest0s has just announced an "anti-forensic kill switch" dubbed, well, usbkill. It doesn't do quite what the name might immediately suggest

Omnicom's Porter Novelli Launches Cybersecurity Platform (Zacks) Global public relations leader Porter Novelli, a part of Omnicom Group Inc.'s (OMC - Analyst Report) DAS Group of Companies, launched PNProtect, a full-service cybersecurity platform to protect clients from digital threats

Check Point launches cyberthreat map (IT Online) Check Point recently launched the ThreatCloud World Cyber Threat Map, which visualises how and where cyber-attacks are taking place worldwide in realtime

ThreatStream's approach to threat intelligence (Help Net Security) Imagine being able to make sense of all the threat information that's flowing through your security controls and coming from your threat feeds in minutes, not weeks, months or years

BalaBit updates Shell Control Box (Help Net Security) BalaBit announced Shell Control Box (SCB) 4 F1, an enterprise-level activity monitoring appliance that controls privileged access to remote IT systems, records activities in searchable, movie-like audit trails, and prevents malicious actions. It integrates seamlessly into the enterprise's existing infrastructures and is completely independent from clients and servers

Autorize — Automatic Authorization Enforcement Detection (Extension for Burp Suite) (Kitploit) Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was written in Python by Barak Tawily, an application security expert at AppSec Labs. Autorize was designed to help security testers by performing automatic authorization tests

Technologies, Techniques, and Standards

Cybersecurity Standards and Your Enterprise (CTOvision) As we have noted in the past, "The nice thing about standards is that you have so many to choose from" teaches Andrew S. Tanenbaum in his classic text on Computer Networks

3 rules to help secure the Internet of Things (EET India) There is a wide and growing concern for the security of the Internet of Things (IoT). It's abundantly clear that the Internet is infested with ne'er-do-wells who thrive on hacking into networked devices. But many embedded development teams have never had to deal with security issues before, and are still trying to decide what, if anything, they need to do

How to balance safety and security in medical software (Electronics Weekly) Say "software security" to most people and they will think of hacked bank accounts, or attacks on corporate databases. Closer to home, consider the current trend for hackers to target medical records rather than electronic credit card data as the former proves to be more profitable and less risky

'Father of the Internet' Vint Cerf advocates for stronger encryption technology (Christian Science Monitor Passcode) "Your laptop should be encrypted, your disk drive should be encrypted, your mobile should be encrypted," said Cerf, Google's chief Internet evangelist, at a talk in Washington this week

Identifying and Dividing Networks and Users (TrendMicro) Proper network segmentation is the most critical proactive step in protecting networks against targeted attacks. It is also important for organizations to properly identify and categorize their own users and the networks they access

SOC Analyst Pyramid (Internet Storm Center) Last weekend, I did a 10 minute fireside chat during lunch at BSidesSATX 2015. It was an informal presentation, where I discussed some of the issues facing security analysts working at an organization's Security Operations Center (SOC)

Wireshark TCP Flags: How To Install On Windows Video (Internet Storm Center) I was asked how to install on Windows the Wireshark TCP Flags dissector I wrote about in a diary entry a month ago

Rethinking cyber security in the age of the hacker (Financial Review) Fear is an important factor driving many organisations to increase their IT security spending, with a Gartner study predicting global expenditure will rise by 8.5 per cent, to $US77 billion ($97.52 billion) in 2015. But if even the best-resourced companies are losing the cyber-security battle, what hope is there for the rest of us?

5 ways to close common medical device vulnerabilities (FierceHealthIT) VA CIO Stephen Warren offers tips for addressing device security threats

Eight Things You Need to Know Before Deploying a Cyber-Threat Intelligence Solution (Infosecurity Magazine) Protecting against cyber-attacks is proving to be a real challenge. A few years ago, defense-in-depth was the recommended methodology to successfully fight cyber-attacks. Despite the proliferation of defense-in-depth mechanisms, a large number of high profile cyber-attacks are still observed

Why Your Business Needs No Security Strategy (Dark Matters) An attack takes down the web server. An office worker notices there's no response and calls IT support. So a member of IT support goes to the server room

Research and Development

Keeping your car safe from hacking (Fox News) Picture this: You're driving along a stretch of road, and an unseen force takes over. The car picks up speed, then swerves — without your touching the accelerator or turning the wheel. You're no more than a helpless passenger. What just happened? Your car has been hacked

Pentagon Considers Turning Nation's Cellphones into Walkie-Talkies During Emergencies (Nextgov) Let's say it's 2016 and the government has a message to get out to the public — ISIS is believed to be waging an attack on cellphone towers in the United States. How can the feds communicate that to a population of cord cutters when the towers are down?

Academia

Hispanic Heritage Foundation and Mary's Center Host Loft Coding Jam Session on May 11 to Introduce Latino Youth to Coding and Technology Careers (Hispanic Heritage Foundation) Effort is part of Code as a Second Language (CSL) Initiative to teach coding to Latinos in US

KEGS computer whiz kids stop hackers in Cyber Centurion contest (Essex Chronicle) Being able to stop malicious hackers trying to steal valuable data in four hours was the challenge successfully confronted by a team of Chelmsford schoolboys

On First Try, Newport Students Excel at National Youth Cyber Defense Conference (Newport (RI) Patch) The team from the Newport Area Career and Technical Center did exceptionally well at the recent CyberPatriot competition, taking 2nd place

Legislation, Policy, and Regulation

Theresa May signals Tory majority could revive snoopers' charter (ComputerWeekly) With the Conservative Party election majority scarcely a few hours old, Theresa May has indicated the party could revive the so-called "snoopers' charter" to monitor electronic communications

Russia and China Pledge Not to Hack Each Other (Wall Street Journal) If the U.S. intelligence community believes that Russia poses a greater cyber spying threat than China, what will it make of this?

Russia, China are totally BFFs when it comes to Internet security (Ars Technica) Moscow, Beijing will share info when the Internet is used for "criminal purposes"

China tightens cybersecurity controls to limit foreign spying (ZDNet) China has included a "sovereignty" clause in a new wave of policies designed to tighten IT management

'Confidential information secured in India from cyber attacks' (Zee News) The central government has taken a number of steps to protect confidential information in the defence sector from cyber attacks, Defence Minister Manohar Parrikar told the Lok Sabha on Friday

Deadline approaches for Congress to reauthorize surveillance powers (UPI) The deadline is approaching for Congress to reauthorize Section 215 of the Patriot Act, the NSA's legal justification for domestic surveillance

Intelligence leaders cite Texas attack before deadline on NSA surveillance (Guardian) Washington's intelligence leaders flooded US television studios on Sunday, to warn of the dangers of homegrown terrorism in a concerted push that coincided with a looming deadline to reauthorise the domestic surveillance powers of the National Security Agency

Obama and His Cybersecurity 'Trojan Horse' (The Blaze) President Barack Obama signed a new cybersecurity executive order that gives him ultimate control over information gathered for the purposes of protecting it against nefarious individuals or groups. This has caused a ripple of concern among cybersecurity firms that could grow into a tsunami should the new legislation go forward

Why It's Tough to Pass Data Breach Bill (BankInfoSecurity) Measures to create Federal notification law mired in Congress

Should Washington Allow Companies to Strike Back Against Hackers? (Wall Street Journal) There's a moral case for defensive hacking, but some say it would undermine the law

Data privacy endangered by international trade agreements (Help Net Security) You might or might not know that some countries — especially some European ones — have (or are working on) strong data protection laws

Exclusive: Former Bush National Security Official To Be NSA's Top Lawyer (Daily Beast) Matthew Waxman defended the Geneva Conventions when he was at the Pentagon under President George W. Bush. Now he will defend Obama's NSA

Silicon Valley licensing company crafts 'best practices,' argues it could transform patent system (Legal Newsline) As the number of bills aimed at reforming the nation's patent system continue to pile up in Congress, one Silicon Valley company argues that a more commonsensical approach to the perceived "patent troll" problem is needed. Finjan, a cyber security technology company that became a publicly-traded company in 2013 and has shifted its focus to licensing its intellectual property, has spent the better part of a year crafting a list of "best practices"

Litigation, Investigation, and Law Enforcement

U.S. asks China to investigate cyber attack targeting U.S. sites (Reuters) The United States said on Friday it has asked Beijing to investigate reports that China interfered with Internet content hosted outside the country and used it to attack U.S. websites

Court ruling against NSA practice could reverberate far beyond phone spying (Christian Science Monitor Passcode) The federal court decision Thursday that found it illegal for the National Security Agency to collect massive amounts of phone data may have broader implications when it comes to privacy in the Digital Age

Did judge who ruled NSA phone dragnet illegal call Snowden a whistleblower? (Ars Technica) "Secretive bureaucratic agencies… benefit from a breath of fresh air," judge says

Former federal employee busted for attempted cyber-attack to sell secrets to foreign government, authorities say (Fox News) A former employee of the U.S. Department of Energy and U.S. Nuclear Regulatory Commission was busted in an FBI sting for allegedly attempting to set off a "spear fishing" cyber-attack to extract nuclear information from the agency for personal gain

Cybersecurity firm accused of staging data breaches to extort clients (Engadget) Have you ever heard of a cybersecurity firm called Tiversa? No? Well, you'll likely be hearing about it a lot in the coming weeks, because an ex-employee is accusing it of fraud. Richard Wallace, one of its former investigators, has recently testified against the firm in a Washington DC courtroom. During the proceeding, he claimed Tiversa's employees would hack potential clients to force them to pay for the firm's services. The CEO, Bob Boback, would apparently even order them to look for IPs of known identity thieves using Tiversa's close ties to law enforcement agencies. They'd then tell the companies they were targeting that those IPs are breaking into their computers as an additional scare tactic

Alleged Photobucket hackers arrested in US (IT News) Accused of selling privacy-bypass tool onto third parties

"Creep" shamed on Facebook was actually man taking selfie with Darth Vader (Naked Security) A Melbourne mother, mistakenly believing that a guy was photographing her kids in a shopping centre, snapped a photo of him as he was "taking off" (also known as simply leaving a Target store)

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

2015 Honeynet Project Workshop (Stavanger, Norway, May 18 - 20, 2015) Each year the Honeynet Project annual workshop brings together top information security experts from around the globe to present their latest research efforts and discuss insights and strategies to combat...

Upcoming Events

12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions...

NG Security Summit (San Antonio, Texas, USA, May 11 - 13, 2015) The NG Security Summit brings together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges.

Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol...

MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon...

Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which...

Michigan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout...

THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible...

International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY.

FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit association comprised of financial institution members that is dedicated to protecting the global financial services...

2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals...

IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers...

Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include...

NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science...

3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking...

AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence...

SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's...

7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety...

Time for a Refresh: Technology & Policy in the Age of Innovation (East Palo Alto, California, USA, May 27, 2015) On May 27th, join technology leaders and innovators, along with industry and government experts, for a dynamic discussion around today's cyber challenges and key decisions to be made around the intersect...

HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting...

1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate...

Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises...

Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State...
