skip navigation

More signal. Less noise.

Daily briefing.

More discussion of the apparently on-going Chinese cyber industrial espionage CrowdStrike flagged early this week. CrowdStrike tells Foreign Policy that they're not saying China's already in violation of the recently concluded Sino-American modus vivendi, because "It is not up to us to draw that conclusion." The media aren't so reticent: consensus appears to be that China's indeed in violation.

US Director of Central Intelligence Brennan has apparently had his personal email account hacked (and everyone notes that it's an AOL account). The hackers claim (speaking anonymously with reporters) that they're teenage "stoners" and pro-Palestinian slacktivists who socially engineered Verizon to give up Director Brennan's credentials. Quartz looks at a spreadsheet the stoners released (apparently safe for work, but caveat lector) and invites readers to draw their own conclusions.

ISIS is back with an onine media campaign, this one an incitement to anti-Jewish violence.

Researchers find memory leak and buffer overflow vulnerabilities in LibreSSL.

Chip-and-pin cards, as all know, are no panacea for point-of-sale security, and indeed they've been compromised in a "clever" man-in-the-middle exploit.

A malicious Chrome lookalike is circulating in the wild, as are many evolved CryptoLocker spawn.

Cyber insurance markets, immature as they remain, offer prospects of improving security standards, especially with respect to the IoT. Actuarial gaps remain an impediment to those markets' maturation: a new company, PivotPoint Risk Analytics, launches today with the promise of closing such gaps.

Thales announces its acquisition of Vormetric for some $400M. Many transatlantic hopes are expressed for Safe Harbor's revival.

Notes.

Today's issue includes events affecting Australia, Austria, Brazil, China, European Union, France, Iraq, Israel, Republic of Korea, Palestine, Syria, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Cybersecurity Firm Says Chinese Hackers Keep Attacking U.S. Companies (New York Times) It was heralded as the first concrete step taken by the United States and China on the thorny issue of online espionage

Security firm report: China may already be breaking agreement on hacking (Ars Technica) Crowdstrike accuses China of attempting hacks of pharma, tech firms

A pledge to stop hacking US companies has not stopped China's government from hacking US companies (Quartz) Three weeks ago, US president Barack Obama and Chinese president Xi Jinping made a groundbreaking announcement in the White House Rose Garden — both governments pledged to stop supporting cyber theft of the other country's corporate intelligence. Just one day after that deal was made public, entities affiliated with the Chinese government attempted to hack into a US tech company, according to data security company CrowdStrike. Several US pharmaceutical and tech companies have been attacked since, CrowdStrike says

The Latest on Chinese-affiliated Intrusions into Commercial Companies (CrowdStrike: the Adversary Manifesto) It has been nearly three weeks since the announcement on September 25th of the landmark Cyber agreement between the United States and China in which both nations agreed not to "conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors"

CrowdStrike: 'We Are Not Stating the Chinese Are Violating the Cyber Agreement' (Foreign Policy) When the network security company CrowdStrike revealed late Sunday that its corporate customers had suffered a series of attempted attacks by hackers linked to the Chinese government, the American media pounced. Coming in the wake of an agreement between China and the United States not to carry out economic espionage against each other, the CrowdStrike report was judged as evidence the pact was worth little more than the paper on which it was written

Anonymous Hacker Claims to Have Breached CIA Director's Email (Time) The hacker is described as "a stoner high school student"

CIA boss has his personal email account hacked… and yes, it's on AOL (Graham Cluley) Pity poor John Brennan, director of the United States Central Intelligence Agency (CIA)

Teen Who Hacked CIA Director's Email Tells How He Did It (Wired) A hacker who claims to have broken into the AOL account of CIA Director John Brennan says he obtained access by posing as a Verizon worker to trick another employee into revealing the spy chief's personal information

What we know about the spreadsheet a hacker claims to have stolen from CIA director John Brennan's email account (Quartz) A hacker claims to have accessed the personal email account of John Brennan, director of the US Central Intelligence Agency

ISIS Media Blitz Incites Palestinians To Kill Jews (Vocativ) A string of videos calls on Palestinians to wage a deadly terror campaign after weeks of rising unrest

Flaws in LibreSSL could open web servers to attack (SC Magazine) Fork of OpenSSL has serious vulnerabilities that could open servers to remote code execution

How a criminal ring defeated the secure chip-and-PIN credit cards (Ars Technica) Over $680,000 stolen via a clever man-in-the-middle attack

Malware replaces browser with a dangerous Chrome lookalike (CSO) This malicious browser looks and acts just like Chrome — except for all the pop-up ads, system file hijacking, and activity monitoring

Malvertising campaign targets Brazilian users (Symantec Connect) Portuguese speakers are targeted on a host of portals including MSN, Universo Online, and Globo

There's no place like ::1 — Malware for the masses (HP Security Research Blog) Analyzing malware samples provided by customers usually leads to interesting results

got HW crypto? On the (in)security of a Self-Encrypting Drive series (IACR) Self encrypting devices (SEDs) doing full disk encryption are getting more and more widespread

Breaking 512-bit RSA with Amazon EC2 is a cinch. So why all the weak keys? (Ars Technica) "Factorization as a service" in Amazon cloud is so easy novices can do it

Crypto researchers: Time to use something better than 1024-bit encryption (CSO) It's actually possible for entities with vast computing resources — such as the NSA and major national governments — to compromise commonly used Diffie–Hellman key exchange groups, so it's time for businesses to switch to something else like elliptic curve cryptography, researchers say

CryptoLocker Spawns Endless, Awful Variants (eSecurity Planet) CryptoLocker is the granddaddy of ransomware, and thieves are developing new and more dangerous variants of it

Is it still possible to do phone phreaking? Yes, with Android on LTE (IDG via CSO) Call spoofing and overbilling are possible due to flaws in how voice is transferred over mobile data networks, researchers say

Can you trust credit monitoring agencies with your data? (MarketWatch) Is your data safe at the major credit monitoring agencies?

Undisputed Hacker Group Fin5 Stole 150000 Credit Cards From Casinos (HackRead) Two security firms (FireEye and Mandiant), have found a group of hackers (Fin5) who specialize in credit card stealing and have till date stolen 150,000 credit cards data from many unnamed casinos

Target's newest security problem: Pranksters taking over PA to blast X-rated audio (Network World) It might be an early Halloween prank, but this wasn't the first time pornographic audio has blasted from Target's intercom

Bulletin (SB15-292) Vulnerability Summary for the Week of October 12, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Security Patches, Mitigations, and Software Updates

Flash Player emergency patch fixes one flaw already being exploited, and two others (CSO) One of the vulnerabilities is already being used in cyberespionage attacks

Kudos to Adobe. They patched Flash quicker than they promised (Graham Cluley) Last week I warned about a zero-day vulnerability in Flash that was being actively exploited in targeted malware attacks

Apple to Remove 256 iOS Apps Using Private APIs, Collecting Personal Data (Threatpost) Apple said it will remove 256 misbehaving apps from its App Store that were using private APIs to pull personal and device information that would allow a user to be tracked

Apple made a mistake and briefly allowed the in-app ad blocker it booted from the App Store last week back in (Business Insider) In-app ad blocker Been Choice was removed from the App Store last week, with Apple citing security concerns over the method it used to block ads

Cyber Trends

Cyber insurers could help drive IoT standards (IDG via CSO) Insurance companies will want companies to use strong protections against data breaches

Failing To Protect 'Internet Of Things' Data Is Biggest Threat To Tech, Says Symantec, Cisco, RSA Security (International Business Times) Forget Chinese hackers. American technology companies already realize that the biggest threat to their corporate image is the perception that they can't be trusted to protect customer data. And it's the Internet of Things, not state-sponsored cyberspies, that presents the biggest threat to that information

Do You Still Think Using the Internet of Things is Secure? (Coinspeaker) Researchers admit that there have recently been too many hacks of the Internet of Things devices and warn about further ones

The New Cyber Resiliency: Absorption, Containment And Real-Time Offensive (HS Today) Organizations today are subjected to meticulously scoped, expertly developed and targeted attacks by nation-states and criminal groups. Given how public large-scale data breaches have become, cybersecurity has become a household term. But this new normal means no one rests easy

Latest BSIMM Data Puts Health Care Back of the Pack (Threatpost) The folks behind the Building Security in Maturity Model (BSIMM), its sixth iteration available today, tout the project as an intersection between science and computer security

'HIPAA Not Helping': Healthcare's Software Security Lagging (Dark Reading) The latest Building Security in Maturity Model (BSIMM) study illustrates the long learning curve for secure coding initiatives

FireEye shows that even security products can have security holes (ComputerWorld) But we never should have assumed otherwise. Any product can have security holes, and security vendors aren't exempt

UK workers are significantly lacking in security awareness (Help Net Security) A new study has revealed that the majority of UK workers are not Cyber Savvy and have failed a Cyber IQ test, which was compiled by experts from ESET

Marketplace

Insurers and insured have lots to learn about hacking-related liability coverage (San Antionio Express-News via the Houston Chronicle) Ever stealthier hackers targeting everything from big banks to nonprofits have made cyber liability the hottest new thing in the insurance business, with at least 50 companies in the U.S. alone pitching policies

Blog: Small Defense Contractors Need Stronger Cybersecurity Practices (SIGNAL) Small businesses doing work for the U.S. Defense Department pose serious cybersecurity concerns, in part because of their limited resources to invest in technical and practiced security measures, according to a congressional oversight agency's assessment

Thales s'offre un spécialiste de la cybersécurité pour 350 millions d'euros (Les Echos) Le groupe d'électronique de défense veut devenir leader du chiffrement et de la protection des données

Thales to Create a Global Leader in Data Protection by Acquiring Vormetric (Thales Group) Thales (Euronext Paris: HO) today announced that it has signed a definitive agreement to acquire Vormetric, a leading provider of data protection solutions in physical, virtual and cloud infrastructures, for US$400m. The transaction is subject to customary closing conditions and expected to close during the first quarter of 2016

What Happens to RSA? (Network World) No details from Dell/EMC deal so speculations ensues

PivotPoint Quantifies Cyber Risk to Help Companies Make Smarter Security and Insurance Investments (BusinessWire) First solution that fills the actuarial data gap and answers the question "How much could a cyber breach cost?"

Cybersecurity Firm Illusive Networks Raises $22M Series B, Looks To Protect Through Deception (TechCrunch) Sometimes the best way to protect data is to make it appear as vulnerable as possible

How ManTech Became a Cyber Warrior (Motley Fool) A pair of big IT contracts could help pull ManTech's stock out of the e-dumps

Why Northrop won't give up on DHS's cybersecurity contract so easily (Washington Business Journal) Falls Church-based Northrop Grumman Corp. (NYSE: NOC) is protesting a $1 billion cybersecurity contract awarded to Waltham, Massachusetts-based Raytheon by the U.S. Department of Homeland Security

Q&A: Cylance founder Stuart McClure on Australian security myths (ARN) Cylance's Stuart McClure discusses the company's expansion into Australia and busts a few security myths

CyberPoint hopes to inspire others to give by creating $1M charitable fund (Baltimore Business Journal) CyberPoint International has created a charitable endowed fund that will commit $1 million over the next 10 years to support education, the arts and economic development initiatives in Baltimore

Products, Services, and Solutions

LookingGlass Introduces Open Threat Partner eXchange (OpenTPX) to Foster Enhanced Exchange of Network Security Intelligence (BusinessWire) OpenTPX provides machine-readable threat intelligence, combining network security operations data with threat intelligence, analysis and scoring data in an optimized manner

One step closer to an encrypted web. Next stop: HTTPS for everyone (Graham Cluley) Here's some great news for all of us who care about the security of the internet: We are one step closer today to having an encrypted web

Technologies, Techniques, and Standards

What Can Lawyers Learn From Latest China-Linked Cyberattacks? (Legaltech News) IP agreements should share only what's absolutely necessary, with strict control procedures on access, audit trails and updated technology security, and careful consideration up-front to the scope of technology involved

The Pros and Cons of Integrating Your Security system Onto a Common IP Network (IFSECGlobal) The growth in IP security and surveillance and the continuing convergence with IT provides a powerful platform for transforming the security industry

Using Two-Factor Authentication for the Administration of Critical Infrastructure Devices (Tripwire: the State of Security) Two-factor authentication (2FA) is a type of multi-factor authentication that verifies a user based on something they have and something they know

How to hack Hadoop (and how to prevent others doing it to you) (Computing) Hacking Hadoop is a surprisingly simple process — possible with freely downloadable software — due to the open source data analytics framework's propensity to be distributed with no security features

Security Professionals Agree Vulnerability Sharing Beneficial, Wary On Implementation (Legaltech News) A new survey shows the benefits are widely accepted but cohesive solutions are still lacking adoption

When encoding saves the day (Internet Storm Center) Out of most penetration tests I do, XSS vulnerabilities are still probably the most common ones we encounter (if I don't count missing Secure and HttpOnly flags on cookies :))

How to create a super-secure password you'll never forget: Use poetry (Quartz) If you're like most people, your passwords are terrible. You might have just one insecure password that you use for everything

Design and Innovation

Secure Software Development in the IoT: 5 Golden Rules (Dark Reading) The evolving threat landscape doesn't merely expose developers to new problems. It exposes them to old problems that they need to address sooner, faster, and more frequently

The importance of engineer ethics (Control Global) No matter how you feel about it or what others want or think, you either meet the spec or you don't

Research and Development

Let's talk about that NSA Diffie-Hellman crack (Register) 'Logjam' crypto bug researchers expand on theory in talk

IARPA's New Director Wants You to Surprise Him (IEEE Spectrum) Jason Matheny, former leader of the Office for Anticipating Surprise, hopes to cast a wide net to help solve spy-agency problems

Academia

Big Investments in Energy Grid Cyber Security (Check & Secure) The Energy Department has launched two programs totaling $34 Million for "two projects that will improve the protection of the U.S. electric grid and oil and natural gas infrastructure from cyber threats" (Clark). These programs are were awarded to the University of Arkansas and the University of Illinois

CyberPatriot VIII Breaks All Records, Draws 3300 Teams for 2015-2016 National Youth Cyber Defense Competition (PRNewswire) Team registrations grow by 55%

Day of Cyber: An Interactive Experience Sponsored by NSA (LifeJourney) NSA Day of Cyber is an interactive, self-guided, and fully-automated cybersecurity career experience that will be free for all registrants for a year

The Great Debate That Never Was (Dark Matters) It was a pleasant night on October 13, 2015. The weather was in the 70s, no rain, nothing to really complain about

Legislation, Policy, and Regulation

EU Privacy Group Sets Three Month Grace Period for U.S. Data Transfer Guidelines (Legaltech News) U.S. and EU officials will need to agree to guidelines by January 2016, or U.S. organizations will need to find alternative legal means to transfer data out of the EU

Criticising the Pending Digital Laws in Thailand (EngageMedia) Expert speakers at the Digital Laws Update, a public forum held in Bangkok, Thailand on 17 October 2015, presented their critique of pending internet laws in Thailand

U.S. and South Korea to strengthen cybersecurity coordination (SC Magazine) The U.S. and South Korea announced that the two nations will begin working together to implement stronger cybersecurity strategies

Cyber stability: why retaliation won't deter (The Strategist) Nuclear deterrence theory is often seen as the go-to solution to cyber instability

The first rule of zero-days is no one talks about zero-days (so we'll explain) (Ars Technica) Just as defenders find their feet, lawmakers move to outlaw security research entirely

Opinion: Advice for Congress, the weakest link in cybersecurity (Christian Science Monitor Passcode) As soon as Congress realizes that good security and privacy practices are paramount to cultivating a thriving tech economy, it can begin working with Silicon Valley to forge a more prosperous digital future

Former White House Advisor: Marry Infosec To Economics (Dark Reading) Melissa Hathaway, former cybersecurity policy advisor to the White House, says the security and economy agendas should go hand-in-hand, and Western nations' use of surveillance technology is 'alarming'

More Cyber Professionals At The Pentagon Doesn't Guarantee Better Security (Task and Purpose) When it comes to cyber security, DoD should focus less on quantity and more on efficiency

Hacked Opinions: The legalities of hacking — Garve Hays (CSO) Garve Hays, from NetIQ, talks about hacking regulation and legislation

Litigation, Investigation, and Law Enforcement

David Cameron faces personal headache over Safe Harbour (ComputerWeekly) The UK "intervened strongly" in the legal challenge brought by Austrian law student Max Schrems that ruled Safe Harbour invalid, jeopardising data sharing between Europe and the US

It's not just emails: State Department cybersecurity deteriorated every year under Clinton (The Week) A compilation of State Department audits finds that the agency's cybersecurity — already sub-par when Hillary Clinton took office as secretary of state in 2009 — declined each successive year Clinton remained in charge

Secret code in color printers enables government tracking (Help Net Security) A research team led by the EFF recently broke the code behind tiny tracking dots that some color laser printers secretly hide in every document

Counter-terrorism bill to give Victorian police remote access to computers (Guardian) A search warrant issued by a court will still be needed but police will be able to get remote access to computers belonging to the person named in the warrant

Amazon sues over 1000 people for posting fake reviews (Naked Security) Online retail giant Amazon has filed a lawsuit against more than 1100 people it says posted fake reviews on its website

Don't Be Fooled by Fake Online Reviews Part II (KrebsOnSecurity) In July I wrote about the dangers of blindly trusting online reviews, especially for high-dollar services like moving companies

Bitpay Sues Insurer After Denied Cyber Claim for Spearphishing (Willis Wire) In December, BitPay, one of the leading BitCoin payment processors, was the victim of a social engineering attack

Veteran says financial services company USAA failed to warn her of ID theft (Fayetteville Observer) Retired Army Maj. Veronica Carter is furious with the USAA

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

CEWIT 2015 (Melville, New York, USA, October 19 - 20, 2015) This year's event will be a celebration of twelve years of innovation! With four parallel tracks over the day and a half event hosting as many as four speakers in each session, the CEWIT Conference 2015...

SecTor (Toronto, Ontario, Canada, October 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...

CSX 2015 (Washington, DC, USA, October 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on...

Cyber Defense San Diego 2015 (San Diego, California, USA, October 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for...

2015 Cyber Risk Insights Conference (New York, New York, USA, October 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20,...

2015 Government Cybersecurity Forum (Washington, DC, USA, October 20, 2015) The Government Cybersecurity Forum was created three years ago a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate,...

Cyber Security Summit: Boston (Boston, Massachusetts, USA, October 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at...

Cyber Liability Summit (New York, New York, USA, October 21, 2015) Attendees of the CLM Cyber Liability Summit will come away with a full understanding of the risks, exposures, development of claim activity and trends in the areas specific to Data and Network Security,...

Münchner Cyber Dialog (München, Bayern, Germany, October 21, 2015) Die Konferenz stellt eine Dialogplattform zwischen Politik, Wirtschaft, Wissenschaft und Verwaltung dar, um die gesamtgesellschaftlichen Chancen und Risiken des Digitalisierungsprozesses zu erörtern.

Swiss Cyber Storm (KKL Lucerne, Switzerland, October 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The...

Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, October 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic...

DevSecCon (London, England, UK, October 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the...

Ruxcon 2015 (Melbourne, Australia, October 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...

2015 North American International Cyber Summit (Detroit, Michigan, USA, October 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight...

ICS Cyber Security Week (Atlanta, Georgia, USA, October 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following...

Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, October 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at...

Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, October 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection...

Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, October 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme...

Data Breach Summit Asia 2015 (Mumbai, India, October 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit a unique, one-day event will focus on the issues to help the participants learn more about how to prevent...

Technology & Cyber Awareness Day (Aurora, Colorado, USA, October 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and...

CyberMaryland 2015 (Baltimore, Maryland, USA, October 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"

Cyber Security World 2015 (Washington, DC, USA, October 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private...

Hackito Ergo Sum (Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking,...

8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, October 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around...

NICE 2015 Conference and Expo (San Diego, California, USA, November 3 - 4, 2015) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing,...

Inside Data Science 2015 (Monterey, California, USA, November 3 - 4, 2015) At the Inside Data Science 2015 Conference (IDS2015) our focus is not on the storage or volume of data, but rather the importance of what you do with it. To synchronize the processing, exploitation and...

4th International Internet-of-Things Expo (Santa Clara, California, USA, November 3 - 5, 2015) With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Santa Clara. Learn what is going on, contribute to the discussions, and...

RSA Conference 2015 Abu Dhabi (Abu Dhabi, United Arab Emirates, November 4 - 5, 2015) Join your fellow information security professionals at RSA Conference 2015 Abu Dhabi, where we'll be discussing security issues from a global perspective

ICMC (the International Cryptographic Module Conference) (Washington, D.C., USA, November 4 - 6, 2015) ICMC core focus includes cryptographic modules, FIPS 140-2, ISO/IEC 19790 and cryptographic algorithms. Specialists from all over the world gather in Washington to discuss about commercial cryptography...

2nd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, November 5, 2015) The 2015 symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cybersecurity and cyber...

Start with Security (Austin, Texas, USA, November 5, 2015) This one-day conference will continue the FTC's work to provide companies with practical tips and strategies for implementing effective data security. Aimed at start-ups and developers, this event will...

Cyber³ Conference: Crafting Security in a less Secure World (Nago City, Okinawa, Japan, November 7 - 8, 2015) An international conference on cyber security hosted by the Government of Japan with the support of the World Economic Forum. At this conference, multi-stakeholders, including policymakers, business leaders,...

FedCyber 2015 (Tyson's Corner, Virginia, USA, November 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The FedCyber.com Threat Expo will bring together thought leaders who...

First International Conference on Anti-Cybercrime (ICACC-2015) (Riyadh, Saudi Arabia, November 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will...

Black Hat Europe (Amsterdam, the Netherlands, November 10 - 13, 2015) Black Hat prides itself with being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity...

2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, November 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15...

Pen Test Hackfest Summit & Training (Alexandria, Virgina, USA, November 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment.

CyberCon 2015 (Pentagon City, Virginia, USA, November 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data

Internet-of-Things World Forum 2015 (London, England, UK, November 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions

DefCamp6 (Bucharest, Romania, November 19 - 20, 2015) Why DefCamp? Because it's the most important conference on Hacking & Information Security in Central Eastern Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.